Dismantling Common Internet Services for Ad-Malware Detection
arxiv(2024)
Abstract
Online advertising represents a main instrument for publishers to fund
content on the World Wide Web. Unfortunately, a significant number of online
advertisements accommodate potentially malicious content, such as
cryptojacking hidden in web banners - even on reputable websites. In order to
protect Internet users from such online threats, the thorough detection of
ad-malware campaigns plays a crucial role for a safe Web. Today, common
Internet services like VirusTotal can label suspicious content based on
feedback from contributors and from the entire Web community. However, it is
an open question to what extent ad-malware is actually taken into account and whether the
results of these services are consistent. In this pre-study, we evaluate who
defines ad-malware on the Internet. In a first step, we crawl a vast set of
websites and fetch all HTTP requests (particularly to online advertisements)
within these websites. Then we query these requests both against popular
filtered DNS providers and VirusTotal. The idea is to validate how much
content is labeled as a potential threat. The results show that up to 0.47
the domains found during crawling are labeled as suspicious by DNS providers
and up to 8.8
domains are categorized as ad-malware. The overall responses from the used
Internet services paint a divergent picture: All considered services have
different understandings of the definition of suspicious content. Thus, we
outline potential research efforts toward the automated detection of ad-malware. We
further bring up the open question of a common definition of ad-malware to the
Web community.