
2021 | OriginalPaper | Book chapter

Analyzing Security Risks of Ad-Based URL Shortening Services Caused by Users’ Behaviors

Written by: Naoki Fukushi, Takashi Koide, Daiki Chiba, Hiroki Nakano, Mitsuaki Akiyama

Published in: Security and Privacy in Communication Networks

Publisher: Springer International Publishing


Abstract

URL shortening services make URLs shorter and simpler. Ad-based URL shortening services display advertisements to users who access short URLs and reward short URL creators. However, ad-based URL shortening services have specific security risks that URL shortening services without ads do not, such as displaying malicious advertisements to users. In this study, we reveal previously unknown security risks of these services caused by users’ behaviors. We conducted a comprehensive measurement of ad-based URL shortening services. First, we accessed short URLs of these services, clicked buttons on the web pages, and reached the final destinations of the short URLs. Then, we reveal the security risks posed to users by monitoring and analyzing traffic logs when such short URLs are accessed. We found that all services generated an average of 86.5 web requests to malicious domain names per short URL. We then showed the security risk of unintentionally communicating with malicious domain names even when users click only on buttons that correctly move users to their desired destinations. Finally, we discuss countermeasures to mitigate these risks from the perspective of each stakeholder in ad-based URL shortening services.

Metadata
Title
Analyzing Security Risks of Ad-Based URL Shortening Services Caused by Users’ Behaviors
Written by
Naoki Fukushi
Takashi Koide
Daiki Chiba
Hiroki Nakano
Mitsuaki Akiyama
Copyright year
2021
DOI
https://doi.org/10.1007/978-3-030-90022-9_1
