Uncovering Hidden Links with Malicious Non-Interference

Abstract

Every day, billions of searches are made on search engines such as Google. The results shown are ranked using proprietary algorithms by the search engine providers. Some of these algorithms consider the number of backlinks, links from other websites, as an indicator of popularity and relevance. This ranking mechanism is widely known and, in some cases, exploited by attackers who inject links onto other websites to improve their own search engine rankings. While normal backlinks are visible to users and search engines alike, some attackers use hidden links, links that are not meant to be seen by users but are still indexed by search engines. In an attempt to artificially boost rankings in a search engine. In this thesis, we focus on links that are invisible to users but visible to search engines. We call these "hidden links".

Because of the malicious behavior of some websites, methods for detecting these hidden links have been developed previously. The key concept for this thesis is non-interference, a semantic condition that defines when a system is well-behaved, such as ensuring that a system does not leak secrets or preserve the integrity of certain data. In our thesis, the concept of non-interference is used in reverse, and is therefore referred to as malicious non-interference. The fundamental idea of our approach for detecting hidden links is to make changes to the website’s code and make a visual inspection to see if the changes are visible.

The tool developed by applying malicious non-interference in this thesis is called Malicious Non-interference Scanner (MANIS), and it shows promising results, as it is capable of detecting hiding methods that other scanning tools, such as Sucuri SiteCheck, are unable to detect. MANIS shows promising results when tested on two different datasets: one randomly sampled from the latest Tranco domain ranking list, and a dataset collected by us during the development of MANIS with websites that we suspect to contain hidden links. From these datasets, MANIS is capable of detecting hidden links with accuracies of 86% and 97% respectively. With the majority of the false positives coming from an inability to interact with the website.