Detecting Fraudulent Clicks From BotNets 2.0

Adam Barth
Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth Stinson

BotNets, Current and Future

Traditional BotNets          BotNets 2.0
Permanent malware            Ephemeral
• Infect host                • Browser-based
  – Email attachments          – Malicious advertisements
  – Drive-by downloads         – Popular web sites

Click-fraud, Spam,           Click-fraud, Spam,
DDoS, Key-logging            (maybe DDoS)

~100,000 members             Much larger

Browser Security Model
• Same-origin policy for network access
  – Origin is scheme://host:port


• Write HTTP anywhere on the network
  – Easy using HTML forms
  – Except restricted ports, like 25 (SMTP)


• Read from origin only
  – Can read some “library” formats from anywhere
     • JavaScript, CSS, Images, Applets, etc.

Desired Properties of Policy
• Can’t send spam
  – Writes to port 25 blocked


• Can’t click advertisements
  – Need to READ a token to make a click count


• Unfortunately…
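
The "need to READ a token" property above, sketched from the ad server's side as an added example (not from the original slides). The HMAC token format, the 300-second lifetime and the names issue_token and count_click are assumptions made for illustration: a script on another origin can write a click request but cannot read the token from the ad's own-origin response, so its click is discarded.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real ad server would load this from a secret store.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 300        # seconds a token stays valid (assumed value)
_used_nonces = set()   # single-use tracking; a shared store in production


def _mac(ad_id, nonce, expires):
    msg = f"{ad_id}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(ad_id, now):
    """Token embedded in the ad's own-origin response; only that origin can read it."""
    nonce = secrets.token_hex(16)
    expires = now + TOKEN_TTL
    return f"{nonce}.{expires}.{_mac(ad_id, nonce, expires)}"


def count_click(ad_id, token, now):
    """Return 'counted', or the reason the click was discarded."""
    if not token:
        return "missing-token"   # blind cross-origin write: nothing was read
    parts = token.split(".")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return "malformed"
    nonce, expires, mac = parts
    expected = _mac(ad_id, nonce, expires)
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-mac"         # guessed token, or one issued for another ad
    if now > int(expires):
        return "expired"
    if nonce in _used_nonces:
        return "replayed"        # each token makes at most one click count
    _used_nonces.add(nonce)
    return "counted"
```
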