TWC: Small: Knowing Your Enemy: Understanding and Counteracting Web Malvertising
Indiana University, Bloomington IN
Investigators
Abstract
With the Internet becoming the dominant channel for marketing and promotion, online advertisements (ad for short) are also increasingly used for propagating malware, committing scams, click frauds and other illegal activities. These activities, which we call malvertising, systematically deliver malicious ad content and victimize visitors through an infrastructure, which includes malicious advertisers, ad networks, redirection servers, exploit servers and others. Our preliminary study shows that most of such malvertising activities are missed by popular detection services such as Google Safe Browsing and Microsoft Forefront. This points to a disturbing lack of understanding of such web malvertising activities, which renders existing countermeasures less effective, and an urgent need to study the features of this threat to better prepares us to defend against it. The proposed research endeavors to gain a holistic, in-depth understanding about the scope and magnitude of malicious display, search and contextual advertising, features of their infrastructures and ad content, behavior of malicious ad-related parties, and economics of this underground business. Based upon such a understanding, we continue to develop novel infrastructure-aware technologies to detect these malicious activities, which include effective malvertising analysis techniques that capture malicious ads, advertisers and ad networks through web patrol, client-side defense that protects a user from stepping into exploit servers and publisher-side countermeasures that empower legitimate publishers and ad networks to shield their customers from such attacks. This research involves industry collaborators and also contributes to mitigation of other related threats such as black-hat Search Engine Optimization, SPAM-based phishing and drive-by-downloads.
View original record on NSF Award Search →