PriSAd - Privacy and Security in Online Advertisement

Integral analysis of privacy and security of online advertising networks

Online advertisement and its dangers

Online advertisement has become a major economic sector at the order of billions that all major websites and mobile applications rely on. Even though private users do take notice of online advertisement as an unwelcome annoyance, they seldomly are aware of how it puts their privacy and security in danger. Online advertising networks use online profiling as a basis for target marketing and collect information provided by cookies, web site traffic analysis as much as personal information of a users’ browsing and buying habits. Those online profiles often contain sensitive personal information, including medical histories or political beliefs.

Ad networks can also fall prey to misuse by so-called „malvertising” attacks - malicious advertising, meaning the injection of malware into regular and legitimate online advertising networks. Online ads can therefore be the source of malware, initiate link-hijacking or trick users into voluntarily installing malware or subscribing to expensive services. Advertising content offers an ideal opportunity for attackers to insert malware into reputable, high profile websites and mobile applications.

PriSAd research goals

Previous research projects have shown how widespread of a phenomenon malvertising has become, without however taking into account mobile applications. PriSAd aims at an integral analysis of security and privacy in the context of online advertising networks and wants to further evolve and promote automated malware recognition. As long-term goal, PriSAd wants  to provide online services with malware recognition to help protect their users from harmful online ads.

Publications

Project manager
Partners
  • Nimbusec GmbH
Funding
Austrian Research Promotion Agency (FFG)
Runtime
03/31/2016 – 12/30/2018
Status
finished
Involved Institutes, Groups and Centers
Forschungsgruppe Secure Societies
Institute of IT Security Research