Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising - Research Paper Example

Summary of a Study Li et al. , in their study d Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising, have talked about the malicious effect of infected advertisements, known as malware, and how people and even renowned business websites fall prey to such malware. They have talked about how common this malware has become in present days, and how easily it can get access to personal data and misuse it. The researchers have also presented an effective technique, in the form of a new detection system, called MadTracer, which enables the users to detect the malware and secure their data from it through identifying threats and attacks.

They have found MadTracer to be very effective as compared to renowned malware detecting softwares, and have discussed its efficiency in detail. In the study, three types of malware attacks were considered: Drive-by download, scam and phishing, and click-fraud attacks. The study was conducted by focusing on ad-related infrastructure; that is, the relationship and interaction between different ad-related parties and ad publishing parties was analyzed. The pattern of interaction was evaluated by crawling through different popular web pages and publisher parties, so as to identify how malware could be detected through identifying malware.

A crawler as a Firefox add-on was created to help trace the web pages. All network requests, responses, browser events, and the retrieved code was recorded. After that, the causal relations among the set of HTTP requests (URLs) originated from the pages were identified. Nodes, paths, and domain paths were studied. The malicious activities and their infrastructure features were studied in detail to identify the malicious activities that exploit the display ads. The findings of the study show that malicious ad nodes could be differentiated from the legitimate ones through studying common node features, like node roles and domain registration times.

However, these features were to be analyzed together and not alone to maximize the differentiating power. Node features, when studied with ad paths, provided greatest detection. Multiple consecutive malicious nodes, that were totally unrelated with ads, were found to be staying together along the redirection chain of a normal ad, which helped identify that it was easy to detect malware through neighboring nodes. It was not required to go beyond neighboring nodes for detection. Hence, the interaction between nodes was very helpful in identifying malicious attacks set for exploiting display ads.

My personal opinion is that the researchers have made great effort in detecting the malware and the malicious activities that are set to exploit the display ads. It is very important to stop this malware, because manifold business websites, e-consumers, and e-businessmen get affected by such malicious activities, unknowingly. Computer experts might be able to detect such malware, but laymen easily fall prey to malvertising ads and websites. So, it is very important to create ways for them to identify the malware, so that they stay safe while indulging in e-commerce and other activities on the internet.

The relationship among nodes and the patterns of interaction among neighboring nodes was very interesting, and I found this study to be a beneficial addition in malware detection studies. ReferencesLi, Z., Zhang, K., Xie, Y., Yu, F., & Wang, X. (2012). Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising. Retrieved November 18, 2012, from http://www.cs.indiana.edu/~lizho/fp029-li.pdf