Understanding Security Risks of Ad-based URL Shortening Services Caused by Users' Behaviors
Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
Understanding Security Risks of Ad-based URL Shortening Services Caused by Users' Behaviors
Naoki FukushiTakashi KoideDaiki ChibaHiroki NakanoMitsuaki Akiyama
Author information
JOURNAL FREE ACCESS

2022 Volume 30 Pages 865-877

Details
Abstract

URL shortening services enable us to shorten or simplify URLs. Ad-based URL shortening services display advertisements to users who access short URLs and reward short URL creators. However, ad-based URL shortening services have specific security risks that URL shortening services without ads do not, such as displaying malicious advertisements to users. In this study, we reveal previously unknown security risks of these services caused by users' behaviors. We conducted a comprehensive measurement of ad-based URL shortening services. First, we accessed short URLs of these services, clicked buttons on the web pages, and reached the final destinations of the short URLs. Then, we reveal the security risks posed to users by monitoring and analyzing traffic logs when such short URLs are accessed. We found that all services generated an average of 86.5 web requests to malicious domain names per short URL. We then showed the security risk of unintentionally communicating malicious domain names even when users click only on buttons that correctly move users to their desired destinations. Finally, we discuss countermeasures to mitigate these risks from the perspective of each stakeholder in ad-based URL shortening services.

Content from these authors
© 2022 by the Information Processing Society of Japan
Previous article Next article
feedback
Top