Dismantling Common Internet Services for Ad-Malware Detection

Read original: arXiv:2404.14190 - Published 4/23/2024 by Florian Nettersheim, Stephan Arlt, Michael Rademacher

Overview

  • This paper presents a novel approach to detecting ad-malware, which are advertisements that contain malicious code, by dismantling common internet services.
  • The researchers developed a system that analyzes web traffic and identifies suspicious ad-related activities to detect ad-malware.
  • The evaluation shows that their approach can effectively identify ad-malware with high accuracy, outperforming existing solutions.

Plain English Explanation

The paper discusses a way to detect a type of malware that hides inside online advertisements. This malware can be hard to find because it's embedded in the ads that people see on websites. The researchers created a system that looks at the internet traffic going to and from websites and tries to spot suspicious activity related to these ads. By analyzing the way the ads and websites interact, the system can identify ads that contain malicious code, which the researchers call "ad-malware." The evaluation shows that this approach is better at finding ad-malware than other existing methods.

Technical Explanation

The paper presents a system for detecting ad-malware, which are advertisements that contain malicious code. The researchers developed a novel approach that dismantles common internet services to analyze web traffic and identify suspicious ad-related activities.

The system works by monitoring and analyzing the interactions between websites, ad networks, and other internet services involved in the ad delivery process. By examining the network traffic, domain features, and behavioral patterns, the system can detect anomalies and indicators of ad-malware.

The researchers evaluated their approach on a large dataset of real-world web traffic and found that it outperformed existing ad-malware detection methods in terms of accuracy and performance. The evaluation results demonstrate the effectiveness of their dismantling approach in identifying ad-malware.
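
The paper's abstract, reproduced under Related Papers on this page, describes the measurement as querying domains from crawled HTTP requests against filtered DNS providers and comparing what each labels as suspicious. The following is an added example, not code from the paper or its authors: it normalises resolver answers into per-service verdicts and measures how far the services agree. Resolver names, domains, addresses and the block-signalling conventions are constructed assumptions.

```python
from itertools import combinations

# Constructed sample answers (None = NXDOMAIN) for domains seen in crawled requests.
# Resolver names, domains and addresses are hypothetical placeholders.
BASELINE = {"cdn.example": "203.0.113.10", "ads.example": "203.0.113.20",
            "miner.example": "203.0.113.30", "track.example": "203.0.113.40",
            "gone.example": None}  # dead domain: NXDOMAIN even when unfiltered
RAW = {
    "resolver_a": {**BASELINE, "ads.example": None, "miner.example": None},
    "resolver_b": {**BASELINE, "miner.example": "0.0.0.0", "track.example": "0.0.0.0"},
    "resolver_c": {**BASELINE, "miner.example": "198.51.100.1"},
}
# Assumed block signalling per resolver; real providers differ, check their docs.
BLOCK_SIGNAL = {
    "resolver_a": lambda ans: ans is None,            # answers NXDOMAIN
    "resolver_b": lambda ans: ans == "0.0.0.0",       # answers a null address
    "resolver_c": lambda ans: ans == "198.51.100.1",  # answers a block-page address
}

def flagged_sets(raw, baseline, signals):
    """Normalise raw answers into one set of flagged domains per resolver."""
    # Only domains the unfiltered baseline resolves can count as blocked.
    live = {d for d, ans in baseline.items() if ans is not None}
    return {name: {d for d in live if signals[name](answers.get(d))}
            for name, answers in raw.items()}

def flag_rate(flagged, total):
    """Percentage of crawled domains a service labels as suspicious."""
    return round(100.0 * len(flagged) / total, 2) if total else 0.0

def jaccard(a, b):
    """Overlap of two flagged sets; 1.0 means identical verdicts."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def pairwise_agreement(flagged):
    """Jaccard agreement for every pair of services, keyed by sorted name pair."""
    return {(x, y): round(jaccard(flagged[x], flagged[y]), 2)
            for x, y in combinations(sorted(flagged), 2)}

def consensus(flagged):
    """Domains every service flags, the only uncontested labels."""
    return set.intersection(*flagged.values())

if __name__ == "__main__":
    sets = flagged_sets(RAW, BASELINE, BLOCK_SIGNAL)
    for name, s in sorted(sets.items()):
        print(name, sorted(s), f"{flag_rate(s, len(BASELINE))}%")
    print(pairwise_agreement(sets), consensus(sets))
```

Without the baseline comparison, `gone.example` would be counted as a block by any resolver that signals with NXDOMAIN, inflating that service's flag rate.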

Critical Analysis

The paper provides a thorough evaluation of the proposed ad-malware detection system, but it does not address some potential limitations. For example, the researchers do not discuss how their system might handle evolving ad-malware techniques or the challenges of maintaining an up-to-date knowledge base to identify new threats.

Additionally, the paper does not explore the potential for false positives or the impact on user privacy when extensively monitoring web traffic. These are important considerations that could be addressed in future research.

Conclusion

The paper presents a novel approach to detecting ad-malware by dismantling common internet services and analyzing web traffic. The researchers' system demonstrates robust performance in identifying malicious advertisements, outperforming existing solutions. While the paper provides a thorough technical explanation and evaluation, it would benefit from a discussion of the potential limitations and areas for further research. Overall, the proposed approach represents a significant advancement in the field of ad-malware detection and could have important implications for securing the web ecosystem.



This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!


Related Papers

Dismantling Common Internet Services for Ad-Malware Detection

Florian Nettersheim, Stephan Arlt, Michael Rademacher

Online advertising represents a main instrument for publishers to fund content on the World Wide Web. Unfortunately, a significant number of online advertisements often accommodates potentially malicious content, such as cryptojacking hidden in web banners - even on reputable websites. In order to protect Internet users from such online threats, the thorough detection of ad-malware campaigns plays a crucial role for a safe Web. Today, common Internet services like VirusTotal can label suspicious content based on feedback from contributors and from the entire Web community. However, it is open to which extent ad-malware is actually taken into account and whether the results of these services are consistent. In this pre-study, we evaluate who defines ad-malware on the Internet. In a first step, we crawl a vast set of websites and fetch all HTTP requests (particularly to online advertisements) within these websites. Then we query these requests both against popular filtered DNS providers and VirusTotal. The idea is to validate, how much content is labeled as a potential threat. The results show that up to 0.47% of the domains found during crawling are labeled as suspicious by DNS providers and up to 8.8% by VirusTotal. Moreover, only about 0.7% to 3.2% of these domains are categorized as ad-malware. The overall responses from the used Internet services paint a divergent picture: All considered services have different understandings to the definition of suspicious content. Thus, we outline potential research efforts to the automated detection of ad-malware. We further bring up the open question of a common definition of ad-malware to the Web community.

4/23/2024

A Survey of Malware Detection Using Deep Learning

Ahmed Bensaoud, Jugal Kalita, Mahmoud Bensaoud

The problem of malicious software (malware) detection and classification is a complex task, and there is no perfect approach. There is still a lot of work to be done. Unlike most other research areas, standard benchmarks are difficult to find for malware detection. This paper aims to investigate recent advances in malware detection on MacOS, Windows, iOS, Android, and Linux using deep learning (DL) by investigating DL in text and image classification, the use of pre-trained and multi-task learning models for malware detection approaches to obtain high accuracy and which the best approach if we have a standard benchmark dataset. We discuss the issues and the challenges in malware detection using DL classifiers by reviewing the effectiveness of these DL classifiers and their inability to explain their decisions and actions to DL developers presenting the need to use Explainable Machine Learning (XAI) or Interpretable Machine Learning (IML) programs. Additionally, we discuss the impact of adversarial attacks on deep learning models, negatively affecting their generalization capabilities and resulting in poor performance on unseen data. We believe there is a need to train and test the effectiveness and efficiency of the current state-of-the-art deep learning models on different malware datasets. We examine eight popular DL approaches on various datasets. This survey will help researchers develop a general understanding of malware recognition using deep learning.

7/30/2024

Obfuscated Memory Malware Detection

Sharmila S P, Aruna Tiwari, Narendra S Chaudhari

Providing security for information is highly critical in the current era with devices enabled with smart technology, where assuming a day without the internet is highly impossible. Fast internet at a cheaper price, not only made communication easy for legitimate users but also for cybercriminals to induce attacks in various dimensions to breach privacy and security. Cybercriminals gain illegal access and breach the privacy of users to harm them in multiple ways. Malware is one such tool used by hackers to execute their malicious intent. Development in AI technology is utilized by malware developers to cause social harm. In this work, we intend to show how Artificial Intelligence and Machine learning can be used to detect and mitigate these cyber-attacks induced by malware in specific obfuscated malware. We conducted experiments with memory feature engineering on memory analysis of malware samples. Binary classification can identify whether a given sample is malware or not, but identifying the type of malware will only guide what next step to be taken for that malware, to stop it from proceeding with its further action. Hence, we propose a multi-class classification model to detect the three types of obfuscated malware with an accuracy of 89.07% using the Classic Random Forest algorithm. To the best of our knowledge, there is very little amount of work done in classifying multiple obfuscated malware by a single model. We also compared our model with a few state-of-the-art models and found it comparatively better.

8/26/2024

Optimizing Malware Detection in IoT Networks: Leveraging Resource-Aware Distributed Computing for Enhanced Security

Sreenitha Kasarapu, Sanket Shukla, Sai Manoj Pudukotai Dinakarrao

In recent years, networked IoT systems have revolutionized connectivity, portability, and functionality, offering a myriad of advantages. However, these systems are increasingly targeted by adversaries due to inherent security vulnerabilities and limited computational and storage resources. Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. While numerous malware detection techniques have been proposed, existing approaches often overlook the resource constraints inherent in IoT environments, assuming abundant resources for detection tasks. This oversight is compounded by ongoing workloads such as sensing and on-device computations, further diminishing available resources for malware detection. To address these challenges, we present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks. Our approach begins by analyzing available resources for malware detection using a lightweight regression model. Depending on resource availability, ongoing workload executions, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To safeguard data integrity and user privacy, rather than transferring the entire malware detection task, the classifier is partitioned and distributed across multiple nodes, and subsequently integrated at the parent node for comprehensive malware detection. Experimental analysis demonstrates the efficacy of our proposed technique, achieving a remarkable speed-up of 9.8x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.

4/17/2024