A game theoretic approach for inspecting web-based malvertising

The Web-based advertising system has become a convenient and efficient channel for advertisers to deliver ads to targeted Internet users. Unfortunately, this system has been exploited by cybercriminals to disseminate malware to an enormous number of end-users and their vulnerable machines. To protect their malicious ads and malware from detection by the ad network, malvertisers apply a variety of evasion techniques such as fingerprinting the execution environment, redirecting to compromised IP addresses, and malware polymorphism. On the other hand, the ad network can also apply inspection techniques to defeat the malvertiser's tricks and expose the malware. However, both the malvertiser and the ad network are constrained by resources and time. In this paper, we apply game theory to formulate the problem of inspecting the malware inserted by malvertisers into the Web-based advertising system. We design a normal form game between the malvertiser and the ad network, define their strategies and payoff functions, and compute their pure-strategy and mixed-strategy Nash equilibria. We use numeric simulation to evaluate our game theoretic models, and derive several insights from the results that can serve as guidelines for the ad network to decide its best inspection strategy.
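To make the normal-form formulation concrete, the following added example (not code from the paper) solves a 2x2 inspection game for its pure-strategy and mixed-strategy Nash equilibria. The two-action strategy sets, the payoff structure and all numeric values are assumptions constructed here, not the paper's model.

```python
from fractions import Fraction

def inspection_game(c, d, g, p):
    """Build payoff matrices for a constructed 2x2 inspection game (an assumption).
    Rows: ad network (0=inspect, 1=skip). Columns: malvertiser (0=attack, 1=abstain).
    c: inspection cost, d: damage from a delivered malicious ad,
    g: malvertiser gain if undetected, p: malvertiser penalty if caught."""
    A = [[-c, -c], [-d, 0]]   # ad network payoffs
    B = [[-p, 0], [g, 0]]     # malvertiser payoffs
    return A, B

def pure_equilibria(A, B):
    """Cells where neither player gains by deviating unilaterally."""
    return [(i, j) for i in range(2) for j in range(2)
            if A[i][j] >= A[1 - i][j] and B[i][j] >= B[i][1 - j]]

def mixed_equilibrium(A, B):
    """Interior mixed equilibrium via the indifference conditions.
    Returns (P(inspect), P(attack)), or None if no fully mixed equilibrium exists."""
    den_row = B[0][0] - B[0][1] - B[1][0] + B[1][1]
    den_col = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    if den_row == 0 or den_col == 0:
        return None
    # The network's inspection rate makes the malvertiser indifferent, and vice versa.
    inspect = Fraction(B[1][1] - B[1][0], den_row)
    attack = Fraction(A[1][1] - A[0][1], den_col)
    if 0 < inspect < 1 and 0 < attack < 1:
        return inspect, attack
    return None

def solve(c, d, g, p):
    A, B = inspection_game(c, d, g, p)
    return pure_equilibria(A, B), mixed_equilibrium(A, B)

if __name__ == "__main__":
    # Constructed values: inspection is cheaper than the damage it prevents.
    print(solve(c=2, d=10, g=6, p=4))
    # Constructed values: inspection costs more than the damage it prevents.
    print(solve(c=12, d=10, g=6, p=4))
```

In this constructed model the equilibrium inspection rate is g/(g+p) and the equilibrium attack rate is c/d; once c exceeds d, the only equilibrium is the pure one in which the network skips inspection and the malvertiser attacks.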
