What You See is NOT What You Get: Discovering and Tracking Social Engineering Attack Campaigns

Phani Vadrevu, R. Perdisci

Published in: Proceedings of the Internet Measurement Conference 2018
Publication date: 2019-10-21
DOI: 10.1145/3355369.3355600 (https://doi.org/10.1145/3355369.3355600)
Citations: 32

Abstract

Malicious ads often use social engineering (SE) tactics to coax users into downloading unwanted software, purchasing fake products or services, or giving up valuable personal information. These ads are often served by low-tier ad networks that may not have the technical means (or simply the will) to patrol the ad content they serve to curtail abuse. In this paper, we propose a system for large-scale automatic discovery and tracking of SE Attack Campaigns delivered via Malicious Advertisements (SEACMA). Our system aims to be generic, allowing us to study the SEACMA ad distribution problem without being biased towards specific categories of ad-publishing websites or SE attacks. Starting with a seed of low-tier ad networks, we measure which of these networks are the most likely to distribute malicious ads and propose a mechanism to discover new ad networks that are also leveraged to support the distribution of SEACMA campaigns. The results of our study aim to be useful in a number of ways. For instance, we show that SEACMA ads use a number of tactics to successfully evade URL blacklists and ad blockers. By tracking SEACMA campaigns, our system provides a mechanism to more proactively detect and block such evasive ads. Therefore, our results provide valuable information that could be used to improve defense systems against social engineering attacks and malicious ads in general.