A penny per visit adds up real fast: designing effective defenses against an adversary that makes more money than your entire company does

Michael Tiffany
White Ops

Ad fraud yields a higher lifetime value per infection than anything else you can do with a botnet. As a result, top-tier operators have gone to extraordinary lengths to make bots as lifelike as possible to evade detection. In this talk, we will review:

  • The state of the art in bot behavior, evasion, and anti-forensics. Hint: the adversary can use machine learning, too, and they have lots of real people to clone, emulate, or train off of
  • Why even well-studied malware families like Kovter are still alive and kicking
  • Breakthrough techniques in running an arms race against an adversary you must model as at least as smart as you and almost certainly better resourced than you
  • Deception and strategic indeterminacy: Getting inside the OODA loop of an adaptive adversary by denying immediate success/fail feedback
  • Corollary: put security through obscurity back in your playbook
  • Cui bono? Playable moves when you can detect an adversary, they can’t tell they’ve been detected, and you can see which bank accounts benefit from what they attempted

