An approach for identifying JavaScript-loaded advertisements through static program analysis

Abstract

Motivated by reasons related to privacy, obtrusiveness, and security, there is great interest in the prospect of blocking advertisements. Current approaches to this goal involve keeping sets of URL-based regular expressions, which are matched against every URL fetched on a web page. While generally effective, this approach is not scalable and requires constant manual maintenance of the filtering lists. To counter these shortcomings, we present a fundamentally different approach with which we demonstrate that static program analysis on JavaScript source code can be used to identify JavaScript that loads and displays ads. Our use of static analysis lets us flag and block ad-related scripts before runtime, offering security in addition to blocking ads. Preliminary results from a classifier trained on the features we develop achieve 98% accuracy in identifying ad-related scripts.