AdvertiXment

CNS 第九組
劉俊緯 王行健 陳柏文 鄭百凱

Common Ad Types

必要之惡

Pop-up Ads

Ads with countdown

Disguised Ads

Normal Ads

Why AdBlock

  • Security Issues
  • User Experience

Security Issues

  • Malware
  • Browser tracking
  • Redirect
  • Fishing

User Experience

  • Annoying
  • Time-wasting
  • Accessibility

Chrome 內建

軍備競賽

  •  使用者與廣告商之間
  • 使用者想辦法不要顯示廣告
  • 廣告商會想辦法顯示出來

目前分成3種競賽關係

競賽1

  • 使用者部署防廣告插件
  • rule based blocking
  • 廣告商就要想辦法bypass
  • 更改id or script名稱

競賽2

  • 廣告商部署anti-adblock
  • 常見的方式有:
    • 檢測廣告區塊高度
    • 檢測廣告可見數
    • 加載額外的ads.js來輔助判斷
  • 使用者就要想辦法不要被發現有用adblock

競賽3

  • 使用者部署active ad blocker
  • 建立已知anti-adblocker code的signature(ex: AST)
  • load頁面時即時比對,找出並block anti-adblocker
  • 範例:anti-adblocker killer

用一張圖解釋一切

https://arxiv.org/pdf/1705.08568.pdf

AdvertiXment

Why AdvertiXement?

More Concentration

More Accessibility

Less Annoying

Better Privacy

Mode A

Passive Protection

Accidental Clicks?

  • Malware
  • Browser tracking
  • Redirect
  • Fishing

Rejection Fails

Obfuscation

Masking Succeeds

Masking Covers

DEMO

Mode B

Ad Redirection

Q毛

Browser

Filter List

DEMO

->

Another DEMO

Mode A+B

AdvertiXement

Passive Protection

  •  Less Clickjacking.
  • Less Phishing.
  • No methods to detect.

競賽1的終結者。

Ad Redirection

  • Less Malicious Tackers.
  • Less loading time
  • More Condensed.
  • 讓你的視窗充滿行健 :) .

競賽2的終結者。

AdvertiXment

Finally...

Ad Time:
Do you know 行健?

Sponsor us! facebook.com/008god

Reflection

Advantage

  • Harder to detection
  • Harder to obfuscate

Disadvantage

  • Still rule based
  • Filter list is hard to maintain
  • Not suitable for other type of ads

GREAT CANNON!?

Future work - ML&VPN

Conclusion

Main Contribution

  • 分析廣告的安全性議題並尋求解法
  •  survey 目前的網路廣告的形式
  • 了解 blocker 的競賽現狀與突破點
  • 提出AdvertiXment

Terminator of this war!!!!

(May be)

References

  • https://arxiv.org/pdf/1709.02901.pdf
  • https://arxiv.org/pdf/1605.05077.pdf
  • http://randomwalker.info/publications/ad-blocking-framework-techniques.pdf
  • https://www.makeuseof.com/tag/3-tactics-dealing-adblock-users-site/
  • https://pagefair.com/blog/2013/detect-adblock/

References

  • https://csultimates.net/blog/2017/12/17/bypass-ad-block-detection-in-any-website/
  • http://justcode.ikeepstudying.com/2015/06/%E7%BD%91%E9%A1%B5%E6%A3%80%E6%B5%8B-adblock-%E7%9A%84-6-%E7%A7%8D%E6%96%B9%E6%B3%95/
  • https://www.getit01.com/p20171221133142/
  • https://blog.chromium.org/2018/02/how-chromes-ad-filtering-works.html

QAQ

Thank you

deck

By duck105

deck

  • 1,000