*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Improved Security for Digital Advertising Ecosystems
Committee:
Dr. John Copeland, ECE, Chair , Advisor
Dr. Gee-Kung Chang, ECE
Dr. Yusun Change, ECE
Dr. Henry Owen, ECE
Dr. Mostafa Ammar, CoC
Abstract:
Digital advertising is the de facto primary way to monetize the entire Internet. For example, over 85% of annual revenue for two prestigious tech companies, Google and Facebook, is generated through digital advertising. It is for this reason that, these and other such companies are able to continually drive the evolutions of information technology in ways that serve to enhance our everyday lives. The undeniable benefits include free web browsers with powerful search engines and mobile applications. Still, it turns out that “free” does have a cost, and we pay for it through our interactions within a digital advertising ecosystem. However, such digital advertisements, along with the underlying systems, suffer from various security and privacy related issues.
This dissertation aims to improve security in digital advertising ecosystems. Therefore, we conduct a comprehensive study on both security and privacy related topics. First, after collecting over 84K mobile ads, we reveal the correlation between click fraud and malvertising, and suggest that ad networks should take more responsibility to mitigate not only malvertising but also click fraud. In addition, our case studies show an emerging trend in security threats with cryptojacking. Second, based on the nature of current monetization services, we present In-App AdPay, which allows users to query targeted ads by granting permissions at different levels, and receives credits for ad views/clicks. Afterwards, we deduce the association between users’ private information and advertisers’ virtual payments, including how users value permissions in different test scenarios. Finally, we also point out other ad-related threats (i.e., ad revenue stealing attack, and ad inappropriateness) occurred in the ecosystem, which are left for further studies.
