research-article

Public Access

WebRanz: web page randomization for better advertisement delivery and web-bot prevention

Authors:

Patrick EugsterAuthors Info & Claims

FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

Pages 205 - 216

https://doi.org/10.1145/2950290.2950352

Published: 01 November 2016 Publication History

Abstract

Nowadays, a rapidly increasing number of web users are using Ad-blockers to block online advertisements. Ad-blockers are browser-based software that can block most Ads on the websites, speeding up web browsers and saving bandwidth. Despite these benefits to end users, Ad-blockers could be catastrophic for the economic structure underlying the web, especially considering the rise of Ad-blocking as well as the number of technologies and services that rely exclusively on Ads to compensate their cost. In this paper, we introduce WebRanz that utilizes a randomization mechanism to circumvent Ad-blocking. Using WebRanz, content publishers can constantly mutate the internal HTML elements and element attributes of their web pages, without affecting their visual appearances and functionalities. Randomization invalidates the pre-defined patterns that Ad-blockers use to filter out Ads. Though the design of WebRanz is motivated by evading Ad-blockers, WebRanz also benefits the defense against bot scripts. We evaluate the effectiveness of WebRanz and its overhead using 221 randomly sampled top Alexa web pages and 8 representative bot scripts.

References

[1]

Adblock Plus. https://adblockplus.org/.

[2]

WebRanz Project Page. https: //www.cs.purdue.edu/homes/wang1315/webranz/.

[3]

RFC 2397 - The “data”

[4]

Htmlparser2. https://www.npmjs.com/package/htmlparser2.

[5]

CSS Parser. https://github.com/reworkcss/css.

[6]

Lucene Image Retrieval. https://github.com/dermotte/lire.

[7]

YUI. http://yuilibrary.com/.

[8]

A former Googler has declared war on ad blockers with a new startup that tackles them in an unorthodox way. http://www.businessinsider.com/former-googleexec-launches-sourcepoint-with-10-million-series-afunding-2015-6.

[9]

A simple python crawler for Lenovo outlet website. https://github.com/agwlm/lenovo crawler.

[10]

Ad Blockers and the Nuisance at the Heart of the Modern Web. http://www.nytimes.com/2015/08/20/ technology/personaltech/ad-blockers-and-thenuisance-at-the-heart-of-the-modern-web.html.

[11]

Adblock Blocker. https://wordpress.org/plugins/addblockblocker/.

[12]

Adblock Plus Talks Content-Blocking And The Tricky Shift To Mobile. http: //techcrunch.com/2015/07/22/adblock-plus-talkscontent-blocking-and-the-tricky-shift-to-mobile/. Jul. 2015.

[13]

Alexa: The top ranked sites in Music Videos. http://www.alexa.com/topsites/category/Top/Arts/ Music/Music Videos. Aug. 2015.

[14]

Amazon reviews downloader and parser. https://github.com/aesuli/Amazon-downloader.

[15]

Anti Adblock Script. http://antiblock.org/.

[16]

Crawling Groupon to get all Information about all deals in America. https://github.com/mihirkelkar/crawl groupon.

[17]

Data Theft Watch: Web Scraping Attacks Almost Double. http://www.infosecuritymagazine.com/news/data-theft-watch-web-scraping/. Jun, 2015.

[18]

Google losing billions in adblocking devil’s deal. http://blog.pagefair.com/2015/google-losing-billionsadblock-devils-deal/. Jun. 2015.

[19]

Growth of Ad Blocking Adds to Publishers’ Worries. http://blogs.wsj.com/cmo/2015/04/09/growth-of-adblocking-adds-to-publishers-worries/. Apr. 2015.

[20]

How one tweet wiped $8bn off Twitter’s value. http://www.bbc.com/news/technology-32511932.

[21]

Apr, 2015.

[22]

IAB Internet Advertising Revenue Report, Q3 2015. http://www.iab.com/news/q3adrevenue/. Dec. 2015.

[23]

Incapsula Inc. 2014 Bot Traffic Report: Just the Droids You were Looking for. https://www.incapsula.com/blog/bot-traffic-report- 2014.html. Dec. 2014.

[24]

Node.js. http://nodejs.org.

[25]

Remove Adblock. http://removeadblock.com/.

[26]

Selenium - Web Browser Automation. http://www.seleniumhq.org.

[27]

Storage Analysis - GB/$ for different sizes and media. http://forre.st/storage.

[28]

The 2015 Ad Blocking Report. http://blog.pagefair.com/2015/ad-blocking-report/. Aug. 2015.

[29]

The Scraping Threat Report 2015. https://www.scrapesentry.com/wp-content/uploads/ 2015/06/2015 The Scraping Threat Report.pdf. Jun, 2015.

[30]

tScrape. https://github.com/tranberg/tScrape.

[31]

Twitter leak demonstrates power of scraper bots. http://www.usatoday.com/story/tech/2015/04/28/ twitter-selerity-leak-tweets-earnings/26528903/. Apr, 2015.

[32]

YelpCrawl: Exhaustive Yelp! Scraper. https://github.com/codelucas/yelpcrawl.

[33]

Joe Portner, Joel Kerr, and Bill Chu. Moving target defense against cross-site scripting attacks (position paper). In Foundations and Practice of Security - 7th International Symposium, FPS 2014, Montreal, QC, Canada, November 3-5, 2014. Revised Selected Papers, pages 85–91, 2014.

[34]

Marthony Taguinod, Adam Doup ˜ Al’, Ziming Zhao, and Gail-Joon Ahn. Toward a Moving Target Defense for Web Applications. In Proceedings of 16th IEEE International Conference on Information Reuse and Integration (IRI). IEEE, 2015.

Digital Library

[35]

Shardul Vikram, Chao Yang, and Guofei Gu. NOMAD: towards non-intrusive moving-target defense against web bots. In IEEE Conference on Communications and Network Security, CNS 2013, National Harbor, MD, USA, October 14-16, 2013, pages 55–63, 2013.

[36]

Xinran Wang, Tadayoshi Kohno, and Bob Blakley. Polymorphism as a defense for automated attack of websites. In Ioana Boureanu, Philippe Owesarski, and Serge Vaudenay, editors, Applied Cryptography and Network Security, volume 8479 of Lecture Notes in Computer Science, pages 513–530. Springer International Publishing, 2014.

[37]

Xinyu Xing, Wei Meng, Dan Doozan, Nick Feamster, Wenke Lee, and Alex C. Snoeren. Exposing Inconsistent Web Search Results with Bobble. In Proceedings of the 15th International Conference on Passive and Active Measurement - Volume 8362, PAM 2014, pages 131–140, New York, NY, USA, 2014. Springer-Verlag New York, Inc. Introduction Motivation Ad-Blocking How Ads are Blocked Content-sensitive Web bots Our Solution: Web Page Randomization Web Page Randomization What to Randomize Interpreting Patterns in Blacklisting Rules Evaluating Filters on Popular Websites Server Side Randomization Randomizing Element Id and Class Fixing Static HTML Style Rules Randomizing Static

Digital Library

Cited By

Sadeghpour SVlajic NZhang NLi Q(2023)RanABD: MTD-Based Technique for Detection of Advanced Session-Replay Web BotsProceedings of the 10th ACM Workshop on Moving Target Defense10.1145/3605760.3623763(17-23)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1145/3605760.3623763
Ghasemisharif MPolakis JMeng WJensen CCremers CKirda E(2023)Read Between the Lines: Detecting Tracking JavaScript with Bytecode ClassificationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616637(3475-3489)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616637
Yan YZheng YLiu XMedvidovic NWang W(2023)Adhere: Automated Detection and Repair of Intrusive Ads2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00051(486-498)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00051
Show More Cited By

Index Terms

WebRanz: web page randomization for better advertisement delivery and web-bot prevention
1. Information systems
  1. World Wide Web
    1. Online advertising
      1. Display advertising
2. Security and privacy
  1. Software and application security
    1. Web application security

Recommendations

Web Bot Detection Evasion Using Deep Reinforcement Learning
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

Web bots are vital for the web as they can be used to automate several actions, some of which would have otherwise been impossible or very time consuming. These actions can be benign, such as website testing and web indexing, or malicious, such as ...
Defending against hitlist worms using network address space randomization

Worms are self-replicating malicious programs that represent a major security threat for the Internet, as they can infect and damage a large number of vulnerable hosts at timescales where human responses are unlikely to be effective. Sophisticated worms ...
Defending against hitlist worms using network address space randomization
WORM '05: Proceedings of the 2005 ACM workshop on Rapid malcode

Worms are self-replicating malicious programs that represent a major security threat for the Internet, as they can infect and damage a large number of vulnerable hosts at timescales where human responses are unlikely to be effective. Sophisticated worms ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

November 2016

1156 pages

ISBN:9781450342186

DOI:10.1145/2950290

General Chair:
Thomas Zimmermann
Microsoft Research, USA
,
Program Chairs:
Jane Cleland-Huang
University of Notre Dame, USA
,
Zhendong Su
University of California at Davis, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

FSE'16

Sponsor:

SIGSOFT

FSE'16: 24nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering

November 13 - 18, 2016

WA, Seattle, USA

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
944
Total Downloads

Downloads (Last 12 months)216
Downloads (Last 6 weeks)26

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sadeghpour SVlajic NZhang NLi Q(2023)RanABD: MTD-Based Technique for Detection of Advanced Session-Replay Web BotsProceedings of the 10th ACM Workshop on Moving Target Defense10.1145/3605760.3623763(17-23)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1145/3605760.3623763
Ghasemisharif MPolakis JMeng WJensen CCremers CKirda E(2023)Read Between the Lines: Detecting Tracking JavaScript with Bytecode ClassificationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616637(3475-3489)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616637
Yan YZheng YLiu XMedvidovic NWang W(2023)Adhere: Automated Detection and Repair of Intrusive Ads2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00051(486-498)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00051
Kim IWang WKwon YZhang X(2023)BFTDETECTOR: Automatic Detection of Business Flow Tampering for Digital Content Service2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00048(448-459)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00048
Sadeghpour SVlajic N(2023)RanABD: Web Page Randomization for Advanced Web-Bot Detection2023 7th Cyber Security in Networking Conference (CSNet)10.1109/CSNet59123.2023.10339779(81-86)Online publication date: 16-Oct-2023
https://doi.org/10.1109/CSNet59123.2023.10339779
Lin SChou KChen YHsiao HCassel DBauer LJia L(2022)Investigating Advertisers’ Domain-changing Behaviors and Their Impacts on Ad-blocker Filter ListsProceedings of the ACM Web Conference 202210.1145/3485447.3512218(576-587)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512218
(2021)Web Bot Detection System Based on Divisive Clustering and K-Nearest Neighbor Using Biostatistics Features SetInternational Journal of Digital Crime and Forensics10.4018/IJDCF.30213613:6(0-0)Online publication date: Nov-2021
https://doi.org/10.4018/IJDCF.302136
Zhu SWang ZChen XLi SMan KIqbal UQian ZChan KKrishnamurthy SShafiq ZHao YLi GZhang ZZou X(2021)Eluding ML-based Adblockers With Actionable Adversarial ExamplesProceedings of the 37th Annual Computer Security Applications Conference10.1145/3485832.3488008(541-553)Online publication date: 6-Dec-2021
https://dl.acm.org/doi/10.1145/3485832.3488008
Smith MSnyder PLivshits BStefan DKim YKim JVigna GShi E(2021)SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content BlockingProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484578(2844-2857)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484578
Snyder PVastel ALivshits B(2020)Who Filters the FiltersProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/33921444:2(1-24)Online publication date: 12-Jun-2020
https://dl.acm.org/doi/10.1145/3392144
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents