TRANSCRIPT
A Multi-Layered Approach to Detecting Malicious Mobile Advertising
Federation University and La Trobe University
What we will cover today
• Problem statement
  • How to block malicious advertising (malvertising) but retain legitimate ads?
• The team
  • Federation University and La Trobe University
• The approach
  • Description of demonstrators and future work
• Commercial opportunities
About us
• Project leads
  • Prof Iqbal Gondal (Fed Uni) and Prof Paul Watters (La Trobe)
• Key staff
  • Paul Black (Fed Uni) and Daniel Hussey (La Trobe)
• Fed Uni – data mining
• La Trobe – system architecture and implementation
Defining the problem
• The vast majority of internet services rely on paid advertising
• Advertising is also a vector for delivering malware
  • Including ransomware, cryptojacking, redirection
• Current solutions like Adblock stop all ads, undermining the commercial model of the internet
• We need a system that can detect and block ads that deliver known malware as well as ‘0 day’ attacks
The solution
• Real-time detection of malicious ads
• Browser plug-in identifies all ads in a page, passes them to cloud-based sandbox for malicious behaviour identification (slow)
• If malware detected, then database updated with webpage features and webpage metadata, block ad
• As database grows and classifier trained, less reliance on running new samples in the sandbox
• Classifier can make decisions based on features alone (fast)
• Support for mobile and desktop devices
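The two-tier flow on this slide (fast path on features, slow path through the sandbox, database growing from sandbox verdicts) can be sketched as a small triage loop. The code below is an added illustration written for this transcript, not the project's plug-in or classifier: the feature set, the log-odds scorer, the `MIN_SEEDS`/`THRESHOLD` values and the "sandbox" that merely reads a constructed `observed_behaviours` field are all assumptions standing in for the real components, and the sample ads are constructed.

```python
import math
from collections import Counter
from dataclasses import dataclass

MIN_SEEDS = 2    # assumed: labelled samples per class before the classifier is trusted
THRESHOLD = 2.0  # assumed: |log-odds| needed for a feature-only verdict; below it -> sandbox

# Assumed stand-in for what a real detonation would report
MALICIOUS_BEHAVIOURS = {"drive_by_download", "cryptomining", "forced_redirect"}


@dataclass(frozen=True)
class Ad:
    url: str
    landing_domain: str
    redirects: int
    hidden_iframe: bool
    script_hosts: tuple
    observed_behaviours: frozenset = frozenset()  # only the simulated sandbox reads this


def extract_features(ad):
    """Static features the plug-in could extract without executing the ad (assumed set)."""
    feats = {f"domain={ad.landing_domain}",
             "redirects=many" if ad.redirects >= 2 else "redirects=few"}
    if ad.hidden_iframe:
        feats.add("hidden_iframe")
    feats.update(f"script={h}" for h in ad.script_hosts)
    return frozenset(feats)


class FeatureDB:
    """Known verdicts keyed by feature set, plus per-feature counts for a naive log-odds classifier."""

    def __init__(self):
        self.known = {}
        self.bad, self.good = Counter(), Counter()
        self.n_bad = self.n_good = 0

    def add(self, feats, verdict):
        self.known[feats] = verdict
        if verdict == "malicious":
            self.bad.update(feats); self.n_bad += 1
        else:
            self.good.update(feats); self.n_good += 1

    def trained(self):
        return self.n_bad >= MIN_SEEDS and self.n_good >= MIN_SEEDS

    def score(self, feats):
        """Sum of per-feature log-odds with Laplace smoothing; positive means malicious."""
        s = 0.0
        for f in feats:
            p_bad = (self.bad[f] + 1) / (self.n_bad + 2)
            p_good = (self.good[f] + 1) / (self.n_good + 2)
            s += math.log(p_bad / p_good)
        return s


def sandbox(ad):
    """Simulated slow path: a real sandbox would execute the ad and observe behaviour."""
    return "malicious" if ad.observed_behaviours & MALICIOUS_BEHAVIOURS else "benign"


def triage(ad, db):
    """Return (verdict, path). Only sandbox verdicts are written back, so the
    classifier never trains on its own guesses."""
    feats = extract_features(ad)
    if feats in db.known:                      # fastest: exact feature match
        return db.known[feats], "cache"
    if db.trained():                           # fast: decide on features alone
        s = db.score(feats)
        if abs(s) >= THRESHOLD:
            return ("malicious" if s > 0 else "benign"), "classifier"
    verdict = sandbox(ad)                      # slow: novel or ambiguous sample
    db.add(feats, verdict)
    return verdict, "sandbox"


# Constructed sample: four seed ads, then a repeat, two classifiable novelties, one ambiguous ad
SAMPLE_ADS = [
    Ad("https://pub.example/a1", "evil-cdn.example", 3, True, ("evil-cdn.example",), frozenset({"drive_by_download"})),
    Ad("https://pub.example/a2", "evil-cdn.example", 2, False, ("evil-cdn.example",), frozenset({"forced_redirect"})),
    Ad("https://pub.example/a3", "ads.example", 0, False, ("ads.example",)),
    Ad("https://pub.example/a4", "ads.example", 1, False, ()),
    Ad("https://news.example/b1", "evil-cdn.example", 4, True, ("evil-cdn.example",), frozenset({"drive_by_download"})),
    Ad("https://news.example/b2", "evil-cdn.example", 2, True, ("evil-cdn.example", "tracker.example"), frozenset({"cryptomining"})),
    Ad("https://news.example/b3", "ads.example", 0, False, ("ads.example", "cdn.example")),
    Ad("https://news.example/b4", "newnet.example", 0, True, ("newnet.example",), frozenset({"cryptomining"})),
]


def run_demo():
    """Triage the sample ads in order and return (name, verdict, path) per ad."""
    db = FeatureDB()
    return [(ad.url.rsplit("/", 1)[1], *triage(ad, db)) for ad in SAMPLE_ADS]


if __name__ == "__main__":
    for name, verdict, path in run_demo():
        print(f"{name}: {verdict} via {path}")
```

Running it shows the four seeds all paying the sandbox cost, the repeated ad served from the cache, the two novel ads decided by the classifier without a sandbox run, and the ambiguous ad (weak evidence either way) falling back to the sandbox, which is the ‘0 day’ path the slide describes.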
Example
The competitive advantage
• GeoEdge finds malvertising cost ad networks US$1.13b in 2019 with growth rates of 30% pa
• Our product can detect and block known and novel malvertising – pop-up ads, in-text ads, drive-by-downloads, hidden iframes etc.
• Backed by proprietary data mining algorithms and a validated system architecture
• IP protection through Fed Uni and La Trobe Uni
Application of use
• Target market is all end-users who own a phone or PC, or enterprises who want to protect the corporate network
• Sold through download/subscription
• Legitimate ad networks feel the pain – redirects stop real users viewing their ads
• Advertisers lose legitimate views as well
Scalability
• Initial database seeded with 100,000 pages with known-bad advertising (based on previous research)
• Cloud-based architecture is highly scalable but algorithm-dependent
• Novel samples take significant time to process
• Need to build a web-based crawler to identify and train the classifier to reduce wait times for plug-in analysis of new samples
• Crawler should operate continuously, gathering valuable intelligence on current threats
Our value proposition
• Rapid, real-time detection and blocking of threats delivered through ads
• Performance, scalability and accuracy improved through the use of intelligence gathering on current threats
• Low-cost, competitive solution available to a very broad marketplace