Online advertising has become the backbone of the Internet economy by revolutionizing business marketing. It provides a simple and efficient way for advertisers to display their advertisements to specific individual users, and over the last couple of years has contributed to an explosion in the income stream for several web-based businesses. For example, Google's income from advertising grew 51.6% between 2016 and 2018, to $136.8 billion. This exponential growth in advertising revenue has motivated fraudsters to exploit the weaknesses of the online advertising model to make money, and researchers to discover new security vulnerabilities in the model, to propose countermeasures and to forecast future trends in research. Motivated by these considerations, this paper presents a comprehensive review of the security threats to online advertising systems. We begin by introducing the motivation for online advertising system, explain how it differs from traditional advertising networks, introduce terminology, and define the current online advertising architecture. We then devise a comprehensive taxonomy of attacks on online advertising to raise awareness among researchers about the vulnerabilities of online advertising ecosystem. We discuss the limitations and effectiveness of the countermeasures that have been developed to secure entities in the advertising ecosystem against these attacks. To complete our work, we identify some open issues and outline some possible directions for future research towards improving security methods for online advertising systems.
翻译:通过企业营销革命,在线广告已成为互联网经济的支柱。它为广告商提供了向特定个人用户展示广告的简单而有效的方式,并在过去几年中促成了若干网络企业收入的激增。例如,谷歌的广告收入在2016年至2018年期间增长了51.6%,达到1 368亿美元。广告收入的急剧增长促使欺诈者利用在线广告模式的弱点赚钱,研究人员发现该模式中新的安全弱点,提出对策并预测未来研究趋势。基于这些考虑,本文全面审查了网上广告系统面临的安全威胁。我们首先推出在线广告系统的动力,解释其与传统广告网络有何不同,采用术语,并界定目前的在线广告结构。我们随后设计了对网上广告袭击的全面分类,以提高研究人员对在线广告生态系统脆弱性的认识。我们讨论了为确保广告生态系统实体防范这些袭击而开发的对策的局限性和有效性。为了完成我们的工作,我们为改进在线安全系统,我们找出了一些公开的问题,并概述了一些可能进行研究的在线研究的方法。