ABSTRACT
Motivated by reasons related to privacy, obtrusiveness, and security, there is great interest in the prospect of blocking advertisements. Current approaches to this goal involve keeping sets of URL-based regular expressions, which are matched against every URL fetched on a web page. While generally effective, this approach is not scalable and requires constant manual maintenance of the filtering lists. To counter these shortcomings, we present a fundamentally different approach with which we demonstrate that static program analysis on JavaScript source code can be used to identify JavaScript that loads and displays ads. Our use of static analysis lets us flag and block ad-related scripts before runtime, offering security in addition to blocking ads. Preliminary results from a classifier trained on the features we develop achieve 98% accuracy in identifying ad-related scripts.
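The two approaches the abstract contrasts, written out as an added illustration that is not code from the paper: an Adblock Plus/EasyList-style URL rule matcher (the per-URL regular-expression approach) beside a static scorer that inspects JavaScript source without executing it. The rules, feature patterns, weights and sample scripts below are constructed assumptions for the demonstration, not the features or classifier the paper develops.

```python
import re

# Constructed EasyList-style rules (assumed, not taken from any real list).
FILTER_RULES = ["||ads.example^", "/adframe."]

def abp_rule_to_regex(rule):
    """Translate the subset of Adblock Plus rule syntax used above into a regex."""
    prefix, body = "", rule
    if body.startswith("||"):            # "||host" anchors at the domain (any scheme, any subdomain)
        prefix, body = r"^[a-z]+://([^/]+\.)?", body[2:]
    pattern = "".join(
        r"(?:[^\w.%-]|$)" if ch == "^"   # "^" is the ABP separator placeholder
        else ".*" if ch == "*"           # "*" is a wildcard
        else re.escape(ch)
        for ch in body
    )
    return re.compile(prefix + pattern)

FILTER_REGEXES = [abp_rule_to_regex(r) for r in FILTER_RULES]

def url_blocked(url):
    """Filter-list approach: every fetched URL is matched against every rule at load time."""
    return any(rx.search(url) for rx in FILTER_REGEXES)

# Static-analysis approach: count source-level indicators before the script runs.
# Feature names and weights are illustrative assumptions, not the paper's feature set.
FEATURES = {
    "document_write":       (r"\bdocument\.write(?:ln)?\s*\(", 2.0),
    "iframe_creation":      (r"createElement\s*\(\s*['\"]iframe['\"]\s*\)", 3.0),
    "script_injection":     (r"createElement\s*\(\s*['\"]script['\"]\s*\)", 2.0),
    "dynamic_src":          (r"\.src\s*=", 1.0),
    "external_url_literal": (r"['\"]https?://", 1.0),
    "event_handler":        (r"addEventListener\s*\(", -1.0),
    "form_value_access":    (r"\.value\b", -1.0),
}

def extract_features(js_source):
    """Feature vector: how often each indicator appears in the source text."""
    return {name: len(re.findall(rx, js_source)) for name, (rx, _) in FEATURES.items()}

def classify_script(js_source, threshold=3.0):
    """Weighted sum of the feature counts; returns (is_ad_related, score)."""
    counts = extract_features(js_source)
    score = sum(FEATURES[name][1] * n for name, n in counts.items())
    return score >= threshold, score

# Constructed sample scripts: one that injects an ad frame, one that validates a form field.
AD_SCRIPT = ("var f = document.createElement('iframe');"
             "f.src = 'http://ads.example/adframe.html?id=1';"
             "document.body.appendChild(f); document.write('<div id=\"ad\"></div>');")
BENIGN_SCRIPT = ("document.getElementById('email').addEventListener('change', function (e) {"
                 "  if (!e.target.value.includes('@')) e.target.setCustomValidity('Bad address'); });")
```

The filter-list matcher only fires once a URL is requested, whereas the static scorer reaches a verdict from the source alone, which is the property the abstract highlights.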