A study of third-party resources loading on web

Muhammad Ikram; Rahat Masood; Gareth Tyson; Mohamed Ali Kaafar; Roya Ensafi

doi:10.48550/arXiv.2203.03077

A study of third-party resources loading on web

Muhammad Ikram, Rahat Masood, Gareth Tyson, Mohamed Ali Kaafar, Roya Ensafi

School of Computing

Research output: Contribution to conference › Paper › peer-review

Abstract

This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3 levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third-parties are classified as suspicious — although seemingly small, this limited set of suspicious third-parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third-parties, and 24.8% of first-party webpages contain at least three third-parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of
activities with the majority of suspicious JavaScript codes downloading malware.

Original language	English
DOIs	https://doi.org/10.48550/arXiv.2203.03077
Publication status	Submitted - 7 Mar 2022
Event	Cyber Defence Next Generation Technology and Science Conference - Brisbane, Australia Duration: 21 Feb 2022 → 23 Feb 2022 Conference number: 4 https://wp.csiro.au/cdng/

Conference

Conference	Cyber Defence Next Generation Technology and Science Conference
Abbreviated title	CDNG
Country/Territory	Australia
City	Brisbane
Period	21/02/22 → 23/02/22
Internet address	https://wp.csiro.au/cdng/

Access to Document

10.48550/arXiv.2203.03077Licence: CC BY

1 Article

Measuring and analysing the chain of implicit trust: a study of third-party resources loading
Ikram, M., Masood, R., Tyson, G., Kaafar, M. A., Loizon, N. & Ensafi, R., Apr 2020, In: ACM Transactions on Privacy and Security (TOPS). 23, 2, p. 1-27 27 p., 8.
Research output: Contribution to journal › Article › peer-review

Open Access

Cite this

@conference{685238a5c98c4db1b36e8f3d5be3666d,

title = "A study of third-party resources loading on web",

abstract = "This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3 levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third-parties are classified as suspicious — although seemingly small, this limited set of suspicious third-parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third-parties, and 24.8% of first-party webpages contain at least three third-parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range ofactivities with the majority of suspicious JavaScript codes downloading malware.",

author = "Muhammad Ikram and Rahat Masood and Gareth Tyson and Kaafar, {Mohamed Ali} and Roya Ensafi",

year = "2022",

month = mar,

day = "7",

doi = "10.48550/arXiv.2203.03077",

language = "English",

note = "Cyber Defence Next Generation Technology and Science Conference, CDNG ; Conference date: 21-02-2022 Through 23-02-2022",

url = "https://wp.csiro.au/cdng/",

}

TY - CONF

T1 - A study of third-party resources loading on web

AU - Ikram, Muhammad

AU - Masood, Rahat

AU - Tyson, Gareth

AU - Kaafar, Mohamed Ali

AU - Ensafi, Roya

N1 - Conference code: 4

PY - 2022/3/7

Y1 - 2022/3/7

N2 - This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3 levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third-parties are classified as suspicious — although seemingly small, this limited set of suspicious third-parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third-parties, and 24.8% of first-party webpages contain at least three third-parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range ofactivities with the majority of suspicious JavaScript codes downloading malware.

AB - This paper performs a large-scale study of dependency chains in the web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3 levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third-parties are classified as suspicious — although seemingly small, this limited set of suspicious third-parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third-parties, and 24.8% of first-party webpages contain at least three third-parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range ofactivities with the majority of suspicious JavaScript codes downloading malware.

U2 - 10.48550/arXiv.2203.03077

DO - 10.48550/arXiv.2203.03077

M3 - Paper

T2 - Cyber Defence Next Generation Technology and Science Conference

Y2 - 21 February 2022 through 23 February 2022

ER -

A study of third-party resources loading on web

Abstract

Conference

Access to Document

Fingerprint

Research output

Measuring and analysing the chain of implicit trust: a study of third-party resources loading

Cite this