Measuring Network Reputation in the Ad-Bidding Process

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10327)

Abstract

Online advertising is a multi-billion dollar market, and therefore a target for abuse by Internet criminals. Prior work has shown that millions of dollars of advertisers’ capital are lost due to ad abuse, and has focused on defense from the perspective of the end-host or the local network egress point. We investigate the potential of using public threat data to measure and detect adware and malicious affiliate traffic from the perspective of demand side platforms, which facilitate ad bidding between ad exchanges and advertisers. Our results show that malicious ad campaigns have statistically significant differences in traffic and lookup patterns from benign ones. However, public blacklists can only label a small percentage of ad publishers (0.27%), which suggests that new lists dedicated to ad abuse should be created. Furthermore, we show that malicious infrastructure on ad exchanges can be tracked with simple graph analysis and maliciousness heuristics.

Acknowledgements

We would like to thank TAPAD and in particular their CTO, Dag Liodden, for his invaluable help throughout this project. This material is based upon work supported in part by the US Department of Commerce grant 2106DEK, National Science Foundation (NSF) grant 2106DGX and Air Force Research Laboratory/Defense Advanced Research Projects Agency grant 2106DTX. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Department of Commerce, National Science Foundation, Air Force Research Laboratory, or Defense Advanced Research Projects Agency.

Corresponding author

Correspondence to Yizheng Chen.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Chen, Y., Nadji, Y., Romero-Gómez, R., Antonakakis, M., Dagon, D. (2017). Measuring Network Reputation in the Ad-Bidding Process. In: Polychronakis, M., Meier, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2017. Lecture Notes in Computer Science, vol 10327. Springer, Cham. https://doi.org/10.1007/978-3-319-60876-1_18

  • DOI: https://doi.org/10.1007/978-3-319-60876-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60875-4

  • Online ISBN: 978-3-319-60876-1

  • eBook Packages: Computer Science, Computer Science (R0)
