Understanding Security Risks of Ad-based URL Shortening Services Caused by Users' Behaviors
-
- Fukushi Naoki
- NTT
-
- Koide Takashi
- NTT Security (Japan) KK
-
- Chiba Daiki
- NTT Security (Japan) KK
-
- Nakano Hiroki
- NTT Security (Japan) KK
-
- Akiyama Mitsuaki
- NTT
抄録
<p>URL shortening services enable us to shorten or simplify URLs. Ad-based URL shortening services display advertisements to users who access short URLs and reward short URL creators. However, ad-based URL shortening services have specific security risks that URL shortening services without ads do not, such as displaying malicious advertisements to users. In this study, we reveal previously unknown security risks of these services caused by users' behaviors. We conducted a comprehensive measurement of ad-based URL shortening services. First, we accessed short URLs of these services, clicked buttons on the web pages, and reached the final destinations of the short URLs. Then, we reveal the security risks posed to users by monitoring and analyzing traffic logs when such short URLs are accessed. We found that all services generated an average of 86.5 web requests to malicious domain names per short URL. We then showed the security risk of unintentionally communicating malicious domain names even when users click only on buttons that correctly move users to their desired destinations. Finally, we discuss countermeasures to mitigate these risks from the perspective of each stakeholder in ad-based URL shortening services.</p>
収録刊行物
-
- Journal of Information Processing
-
Journal of Information Processing 30 (0), 865-877, 2022
一般社団法人 情報処理学会
- Tweet
詳細情報 詳細情報について
-
- CRID
- 1390294429662275968
-
- ISSN
- 18826652
-
- 本文言語コード
- en
-
- データソース種別
-
- JaLC
- Crossref
-
- 抄録ライセンスフラグ
- 使用不可