Improving Web Content Blocking With Event-Loop-Turn Granularity JavaScript Signatures

Content blocking is an important part of a performant, user-serving, privacy respecting web. Most content blockers build trust labels over URLs. While useful, this approach has well understood shortcomings. Attackers may avoid detection by changing URLs or domains, bundling unwanted code with benign code, or inlining code in pages. The common flaw in existing approaches is that they evaluate code based on its delivery mechanism, not its behavior. In this work we address this problem with a system for generating signatures of the privacy-and-security relevant behavior of executed JavaScript. Our system considers script behavior during each turn on the JavaScript event loop. Focusing on event loop turns allows us to build signatures that are robust against code obfuscation, code bundling, URL modification, and other common evasions, as well as handle unique aspects of web applications. This work makes the following contributions to improving content blocking: First, implement a novel system to build per-event-loop-turn signatures of JavaScript code by instrumenting the Blink and V8 runtimes. Second, we apply these signatures to measure filter list evasion, by using EasyList and EasyPrivacy as ground truth and finding other code that behaves identically. We build ~2m signatures of privacy-and-security behaviors from 11,212 unique scripts blocked by filter lists, and find 3,589 more unique scripts including the same harmful code, affecting 12.48% of websites measured. Third, we taxonomize common filter list evasion techniques. Finally, we present defenses; filter list additions where possible, and a proposed, signature based system in other cases. We share the implementation of our signature-generation system, the dataset from applying our system to the Alexa 100K, and 586 AdBlock Plus compatible filter list rules to block instances of currently blocked code being moved to new URLs.

[1]  Chris Kanich,et al.  Browser Feature Usage on the Modern Web , 2016, Internet Measurement Conference.

[2]  Joseph Kaye,et al.  The Effect of Ad Blocking on User Engagement with the Web , 2018, WWW.

[3]  Alexandros Kapravelos,et al.  VisibleV8: In-browser Monitoring of JavaScript in the Wild , 2019, Internet Measurement Conference.

[4]  Elie Bursztein,et al.  Cloak of Visibility: Detecting When Machines Browse a Different Web , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[5]  Fang Yu,et al.  Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.

[6]  Michael Pradel,et al.  Anything to Hide? Studying Minified and Obfuscated Code in the Web , 2019, WWW.

[7]  Chanchal K. Roy,et al.  A Survey on Software Clone Detection Research , 2007 .

[8]  Bernhard Ager,et al.  An Automated Approach for Complementing Ad Blockers’ Blacklists , 2015, Proc. Priv. Enhancing Technol..

[9]  Athina Markopoulou,et al.  NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking , 2018, Proc. Priv. Enhancing Technol..

[10]  Chris Kanich,et al.  Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security , 2017, CCS.

[11]  Michael Backes,et al.  HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs , 2019, CCS.

[12]  Christopher Krügel,et al.  Revolver: An Automated Approach to the Detection of Evasive Web-based Malware , 2013, USENIX Security Symposium.

[13]  Benjamin Livshits,et al.  The Blind Men and the Internet: Multi-Vantage Point Web Measurements , 2019, ArXiv.

[14]  Bo Li,et al.  JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions , 2018, NDSS.

[15]  Benjamin Livshits,et al.  AdGraph: A Graph-Based Approach to Ad and Tracker Blocking , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[16]  Vern Paxson,et al.  A Bestiary of Blocking: The Motivations and Modes behind Website Unavailability , 2018, FOCI @ USENIX Security Symposium.

[17]  Anja Feldmann,et al.  Annoyed Users: Ads and Ad-Block Usage in the Wild , 2015, Internet Measurement Conference.

[18]  Venkata Rama Kiran Garimella,et al.  Ad-blocking: A Study on Performance, Privacy and Counter-measures , 2017, WebSci.

[19]  Vern Paxson,et al.  Exploring Server-side Blocking of Regions , 2018, ArXiv.

[20]  Dan Boneh,et al.  Ad-versarial: Defeating Perceptual Ad-Blocking , 2018, ArXiv.

[21]  Arvind Narayanan,et al.  The Future of Ad Blocking: An Analytical Framework and New Techniques , 2017, ArXiv.

[22]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[23]  Balachander Krishnamurthy,et al.  Towards Seamless Tracking-Free Web: Improved Detection of Trackers via One-class Learning , 2016, Proc. Priv. Enhancing Technol..