Map shows the geolocation distributions of infected sponsored top-level domains across 141 countries. (Credit: Xiaojing Liao, Georgia Tech)
By detecting semantic inconsistencies in content, researchers have developed a new technique for identifying promotional infections of websites operated by government and educational organizations. Such attacks use code embedded in highly ranked sites to drive traffic to sketchy websites selling items like fake drugs, counterfeit handbags, and plagiarized term papers.
The new technique, known as Semantic Inconsistency Search (SEISE), uses natural language processing to spot differences between a compromised site’s expected content and malicious advertising and promotional code. For example, a university site wouldn’t be expected to promote online gambling, and a military site shouldn’t be selling counterfeit drugs.
Using SEISE, the researchers found 11,000 infected sites among noncommercial sponsored top-level education, government, and military domains (.edu, .gov, and .mil) worldwide, and they are working to extend the method to other domains.
“The basic idea behind promotional infection is to attack websites that are highly ranked and to leverage their importance to promote various things, most of them illegal,” explained Raheem Beyah, who is the Motorola Foundation Professor and Associate Chair for Strategic Initiatives and Innovation in Georgia Tech’s School of Electrical and Computer Engineering. “The bad content is nested into the prominent site to leverage the traffic of that domain. That gives the attackers a doorway to whatever they are promoting.”
The research was supported by the U.S. National Science Foundation and the Natural Science Foundation of China. It was described in a presentation at the IEEE Symposium on Security and Privacy in San Jose, California. SEISE was developed by researchers from the Georgia Institute of Technology, Indiana University, and Tsinghua University in China. — John Toon