Rui Ning,Cong Wang,ChunSheng Xin,Jiang Li,Hongyi Wu

DOI: https://doi.org/10.1016/j.pmcj.2019.101106

IF: 3.848

2020-01-01

Pervasive and Mobile Computing

Abstract:In this paper, we report a newfound vulnerability on smartphones due to the malicious use of unsupervised sensor data. We demonstrate that an attacker can train deep Convolutional Neural Networks (CNN) by using magnetometer or orientation data to effectively infer the Apps and their usage information on a smartphone with an accuracy of over 80%. Furthermore, we show that such attacks can become even worse if sophisticated attackers exploit motion sensors to cluster the magnetometer or orientation data, improving the accuracy to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only 15% and at the same time has negligible effect on benign Apps.

Hao Pan,Feitong Tan,Wenhao Li,Yi-Chao Chen,Lanqing Yang,Guangtao Xue,Xiaoyu Ji

DOI: https://doi.org/10.1109/secon55815.2022.9918604

2022-01-01

Abstract:This study reveals that on-board hardware modules leak electromagnetic (EM) emissions whenever audio or camera data is accessed, and proposes Magdefender scheme that explores the possibility of using the magnetometer built into mobile devices to detect eavesdropping instances by malicious apps and even the unscrupulous phone vendors. However, the target EM signals generated by accessing multimedia data is weak and tends to be buried beneath other noisy EM signals from apps running in the foreground. It is also subject to the external interference from geomagnetic signals generated by the device movement. To cope with the challenges, we adopt a generative adversarial networks (GAN) based model to facilitate the extraction of target EM signals indicating the occurrence of eavesdropping from the overall magnetometer readings. We also develop a neural network-based classifier with triplet loss embedding to identify the EM signals from the camera and/or microphones. Empirical results demonstrate the efficacy of MagDefenderin recognizing instances of eavesdropping on cameras/microphones data, with average accuracy of 97.3% when applied to the trained devices, and average 91.5% on unseen mobile devices.

Tong Zhu,Yan Meng,Haotian Hu,Xiaokuan Zhang,Minhui Xue,Haojin Zhu

DOI: https://doi.org/10.1145/3460120.3484546

2021-09-15

Abstract:Although the use of pay-per-click mechanisms stimulates the prosperity of the mobile advertisement network, fraudulent ad clicks result in huge financial losses for advertisers. Extensive studies identify click fraud according to click/traffic patterns based on dynamic analysis. However, in this study, we identify a novel click fraud, named humanoid attack, which can circumvent existing detection schemes by generating fraudulent clicks with similar patterns to normal clicks. We implement the first tool ClickScanner to detect humanoid attacks on Android apps based on static analysis and variational AutoEncoder (VAE) with limited knowledge of fraudulent examples. We define novel features to characterize the patterns of humanoid attacks in the apps' bytecode level. ClickScanner builds a data dependency graph (DDG) based on static analysis to extract these key features and form a feature vector. We then propose a classification model only trained on benign datasets to overcome the limited knowledge of humanoid attacks. We leverage ClickScanner to conduct the first large-scale measurement on app markets (i.e.,120,000 apps from Google Play and Huawei AppGallery) and reveal several unprecedented phenomena. First, even for the top-rated 20,000 apps, ClickScanner still identifies 157 apps as fraudulent, which shows the prevalence of humanoid attacks. Second, it is observed that the ad SDK-based attack (i.e., the fraudulent codes are in the third-party ad SDKs) is now a dominant attack approach. Third, the manner of attack is notably different across apps of various categories and popularities. Finally, we notice there are several existing variants of the humanoid attack. Additionally, our measurements demonstrate the proposed ClickScanner is accurate and time-efficient (i.e., the detection overhead is only 15.35% of those of existing schemes).

Cryptography and Security

Yushi Cheng,Xiaoyu Ji,Wenyuan Xu,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1145/3321705.3329817

2019-01-01

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

Chenhong Cao,Yi Gao,Yang Luo,Mingyuan Xia,Wei Dong,Chun Chen,Xue Liu

DOI: https://doi.org/10.1109/tmc.2020.2966991

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile advertising plays a vital role in the mobile app ecosystem. A major threat to the sustainability of this ecosystem is click fraud, i.e., ad clicks performed by malicious code or automatic bot problems. Existing click fraud detection approaches focus on analyzing the ad requests at the server side. However, such approaches may suffer from high false negatives since the detection can be easily circumvented, e.g., when the clicks are behind proxies or globally distributed. In this paper, we present AdSherlock, an efficient and deployable click fraud detection approach at the client side (inside the application) for mobile apps. AdSherlock splits the computation-intensive operations of click request identification into an offline procedure and an online procedure. In the offline procedure, AdSherlock generates both exact patterns and probabilistic patterns based on URL (Uniform Resource Locator) tokenization. These patterns are used in the online procedure for click request identification and further used for click fraud detection together with an ad request tree model. We implement a prototype of AdSherlock and evaluate its performance using real apps. The online detector is injected into the app executable archive through binary instrumentation. Results show that AdSherlock achieves higher click fraud detection accuracy compared with state of the art, with negligible runtime overhead.

Shishir Nagaraja,Ryan Shah

DOI: https://doi.org/10.48550/arXiv.1903.00733

2019-03-02

Cryptography and Security

Abstract:Advertising is a primary means for revenue generation for millions of websites and smartphone apps (publishers). Naturally, a fraction of publishers abuse the ad-network to systematically defraud advertisers of their money. Defenses have matured to overcome some forms of click fraud but are inadequate against the threat of organic click fraud attacks. Malware detection systems including honeypots fail to stop click fraud apps; ad-network filters are better but measurement studies have reported that a third of the clicks supplied by ad-networks are fake; collaborations between ad-networks and app stores that bad-lists malicious apps works better still, but fails to prevent criminals from writing fraudulent apps which they monetise until they get banned and start over again. This work develops novel inference techniques that can isolate click fraud attacks using their fundamental properties. In the {\em mimicry defence}, we leverage the observation that organic click fraud involves the re-use of legitimate clicks. Thus we can isolate fake-clicks by detecting patterns of click-reuse within ad-network clickstreams with historical behaviour serving as a baseline. Second, in {\em bait-click defence}. we leverage the vantage point of an ad-network to inject a pattern of bait clicks into the user's device, to trigger click fraud-apps that are gated on user-behaviour. Our experiments show that the mimicry defence detects around 81\% of fake-clicks in stealthy (low rate) attacks with a false-positive rate of 110110 per hundred thousand clicks. Bait-click defence enables further improvements in detection rates of 95\% and reduction in false-positive rates of between 0 and 30 clicks per million, a substantial improvement over current approaches.

Haitao Xu,Daiping Liu,Aaron Koehl,Haining Wang,Angelos Stavrou

DOI: https://doi.org/10.1007/978-3-319-11212-1_24

2014-01-01

Abstract:Click fraud-malicious clicks at the expense of pay-per-click advertisers-is posing a serious threat to the Internet economy. Although click fraud has attracted much attention from the security community, as the direct victims of click fraud, advertisers still lack effective defense to detect click fraud independently. In this paper, we propose a novel approach for advertisers to detect click frauds and evaluate the return on investment (ROI) of their ad campaigns without the helps from ad networks or publishers. Our key idea is to proactively test if visiting clients are full-fledged modern browsers and passively scrutinize user engagement. In particular, we introduce a new functionality test and develop an extensive characterization of user engagement. Our detection can significantly raise the bar for committing click fraud and is transparent to users. Moreover, our approach requires little effort to be deployed at the advertiser side. To validate the effectiveness of our approach, we implement a prototype and deploy it on a large production website; and then we run 10-day ad campaigns for the website on a major ad network. The experimental results show that our proposed defense is effective in identifying both clickbots and human clickers, while incurring negligible overhead at both the server and client sides.

Yanglin Liu,Yang Liu,Mehdi Gheisari

DOI: https://doi.org/10.1109/ICDIS55630.2022.00066

2022-01-01

Abstract:While the Cost-Per-click mechanism ensures the prosperity of the mobile advertising ecosystem, click fraud becomes a significant threat that results in huge losses for advertisers. On the one hand, some existing studies identify click fraud in a predefined test environment on the client side. However, these works neglect the influence of user interaction on fraudulent behaviours. On the other hand, some studies employ binary classifiers to detect click fraud on the server side without considering the particularity of the click fraud scenario. This paper presents the design and implementation of CFDMA, a click fraud detection system that conducts both server side and client side detection. CFDMA makes connections between fraudulent behaviours and explicit user inputs through observing sensitive system classes on the client side. CFDMA constructs the publisher graph on the server side and uses its information to detect invalid traffic. We evaluate the performance of CFDMA on real click datasets. Our evaluation demonstrates that CFDMA is capable of identifying invalid click traffic and fraudulent behaviours.

Suibin Sun,Le Yu,Xiaokuan Zhang,Minhui Xue,Ren Zhou,Haojin Zhu,Shuang Hao,Xiaodong Lin

DOI: https://doi.org/10.1145/3460120.3484547

2021-01-01

Abstract:Along with gaining popularity of Real-Time Bidding (RTB) based programmatic advertising, the click farm based invalid traffic, which leverages massive real smartphones to carry out large-scale ad fraud campaigns, is becoming one of the major threats against online advertisement. In this study, we take an initial step towards the detection and large-scale measurement of the click farm based invalid traffic. Our study begins with a measurement on the device's features using a real-world labeled dataset, which reveals a series of features distinguishing the fraudulent devices from the benign ones. Based on these features, we develop EvilHunter, a system for detecting fraudulent devices through ad bid request logs with a focus on clustering fraudulent devices. EvilHunter functions by 1) building a classifier to distinguish fraudulent and benign devices; 2) clustering devices based on app usage patterns; and 3) relabeling devices in clusters through majority voting. EvilHunter demonstrates 97% precision and 95% recall on a real-world labeled dataset. By investigating a super click farm, we reveal several cheating strategies that are commonly adopted by fraudulent clusters. We further reduce the overhead of EvilHunter and discuss how to deploy the optimized EvilHunter in a real-world system. We are in partnership with a leading ad verification company to integrate EvilHunter into their industrial platform.

Sanorita Dey,Nirupam Roy,Wenyuan Xu,Romit Roy Choudhury,Srihari Nelakuditi

DOI: https://doi.org/10.14722/ndss.2014.23059

2014-01-01

Abstract:As mobile begins to overtake the fixed Internet access, ad networks have aggressively sought methods to track users on their mobile devices. While existing countermeasures and regulation focus on thwarting cookies and various device IDs, this paper submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users. We believe that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus. The differences in responses are subtle enough that they do not affect most of the higher level functions computed on them. Nonetheless, upon close inspection, these fingerprints emerge with consistency, and can even be somewhat independent of the stimulus that generates them. Measurements and classification on 80 standalone accelerometer chips, 25 Android phones, and 2 tablets, show precision and recall upward of 96%, along with good robustness to realworld conditions. Utilizing accelerometer fingerprints, a crowdsourcing application running in the cloud could segregate sensor data for each device, making it easy to track a user over space and time. Such attacks are almost trivial to launch, while simple solutions may not be adequate to counteract them.

Xuening Zhu,Da Huang,Rui Pan,Hansheng Wang

DOI: https://doi.org/10.4310/sii.2016.v9.n3.a12

2016-01-01

Statistics and Its Interface

Abstract:This paper is concerned with the problem of click fraud detection. We assume each visitor of a website carries a latent indicator, which labels him/her as a regular or malicious user. Information such as number of clicks, number of page views (PVs) and time difference between consecutive clicks are cooperated in our newly proposed statistical model. We allow those random variables to share the same distribution but with different parameters according to the visitor's type. An EM algorithm is then suggested to obtain the maximum likelihood estimator. As a result, click fraud detection can be implemented by estimating the posterior malicious probability of each visitor. Simulation studies are conducted to assess the finite sample performance. We also demonstrate the usefulness of the proposed method via an empirical analysis of a real life example on search engine marketing.

Malak Aljabri,Rami Mustafa A. Mohammad

DOI: https://doi.org/10.1016/j.eij.2023.05.006

IF: 4.195

2023-05-17

Egyptian Informatics Journal

Abstract:Advertising corporations have moved their focus to online and in-App advertisements in response to the expansion of digital technologies and social media. Online advertising represents the primary revenue source for advertising networks that serve as the middlemen between advertisers and advertisement publishers. The advertising networks pay the publisher of the advertisement based on the number of clicks through to advertisers, following the pay-per-click (PPC) payment scheme. However, there is a growing security issue with this payment approach known as Click Fraud. Click fraud is the illegal process of clicking on pay-per-click advertisements to increase publishers' revenue or deplete advertisers' budgets. Artificial intelligence techniques have been increasingly employed to solve complicated challenges in different research areas, including cybersecurity, to achieve unexpected outcomes. In this paper, several Machine Learning models were constructed to establish whether the user is a human or a bot and conducted a comparative performance analysis using a set of evaluation metrics. We used a real captured dataset detailing Internet users' behavior while navigating websites. We extracted a set of features related to users' behaviors, including the number of webpages viewed during the browsing session, the duration of the browsing journey, and the actions performed. The empirical results revealed that all the considered models obtained good results, where the random forest algorithm surpassed all other algorithms in all evaluation metrics.

computer science, information systems, artificial intelligence

Weibin Li,Qiwei Zhong,Qingyang Zhao,Hongchun Zhang,Xiaonan Meng

DOI: https://doi.org/10.48550/arXiv.2105.03567

IF: 5.414

2021-05-08

Machine Learning

Abstract:Advertising click fraud detection plays one of the vital roles in current E-commerce websites as advertising is an essential component of its business model. It aims at, given a set of corresponding features, e.g., demographic information of users and statistical features of clicks, predicting whether a click is fraudulent or not in the community. Recent efforts attempted to incorporate attributed behavior sequence and heterogeneous network for extracting complex features of users and achieved significant effects on click fraud detection. In this paper, we propose a Multimodal and Contrastive learning network for Click Fraud detection (MCCF). Specifically, motivated by the observations on differences of demographic information, behavior sequences and media relationship between fraudsters and genuine users on E-commerce platform, MCCF jointly utilizes wide and deep features, behavior sequence and heterogeneous network to distill click representations. Moreover, these three modules are integrated by contrastive learning and collaboratively contribute to the final predictions. With the real-world datasets containing 2.54 million clicks on Alibaba platform, we investigate the effectiveness of MCCF. The experimental results show that the proposed approach is able to improve AUC by 7.2% and F1-score by 15.6%, compared with the state-of-the-art methods.

Leyi Song,Xueqing Gong,Xiaofeng He,Rong Zhang,Aoying Zhou

2013-01-01

Abstract:The healthy development of the Internet largely depends on the online advertisement which provides the financial support to the Internet. Click fraud, however, poses serious threat to the Internet ecosystem. It not only brings harm to the advertisers, but also damages the mutual trust between advertiser and ad agency. Click fraud prediction is a typical big data application in that we normally need to identify the malicious clicks from massive click logs, therefore e cient detection methods in big data framework are much desired to combat this fraudulent behavior. In this paper, we propose a three-stage filtering system to attack click fraud. The serialized filters e↵ectively detect the malicious clicks with decreasing confidence that can satisfy both advertisers and content providers.

Yanan Dong,Xuejun Liu,Bin Li,Wei Zhang

DOI: https://doi.org/10.3969/j.issn.1001-3695.2016.06.038

2016-01-01

Abstract:This paper proposed a promising new method for detecting a fraudulent group.First,it used the frequent itemsets mining algorithm to reveal individual member with joint actions on advertisement click as a suspicious group.Next,based on properties analysis on click behavior of members of the suspicious group,it used outlier detection method to distinguish those whose behavior was significantly different with others,as suspicious targets.Finally,it detected the real fraud group and fraudu-lent users after applying Bayesian classifier on all the suspicious fraudulent users.Experimental results indicate the feasibility and validity of this method,which is based on real dataset.It gives a new approach to the detection of fraudulent clicks.

Amreen Batool,Yung-Cheol Byun

DOI: https://doi.org/10.1109/access.2022.3211528

IF: 3.9

2022-11-04

IEEE Access

Abstract:With the rapid development of online advertising, click fraud is a serious issue for the internet market. Click fraud is a dishonest attempt to improve a website's profit or deplete an advertiser's budget by clicking on pay-per-click advertisements. For an extended period, this illegal act has a threat to the industrial sectors. As a result, these businesses hesitate to advertise their items on mobile apps and websites, as numerous groups attempt to take advantage of themes. To safely advertise their services and products online, a robust mechanism is needed for efficient click fraud detection. To tackle this issue, an ensemble architecture of machine learning and deep learning is proposed to detect click fraud in online advertisement campaigns. The proposed ensemble architecture consists of a Convolutional Neural Network (CNN), and a Bidirectional Long Short-Term Memory network (BiLSTM) is used to extract hidden features, while the Random Forest (RF) is used for classification. The main objective of the proposed research study is to develop a hybrid DL model for automatic feature extraction from clicks data and then process through an RF classifier into two classes, such as fraudulent and non-fraudulent clicks. Furthermore, a preprocessing module is developed to preprocess data by dealing with categorical attributes and imbalanced data to enhance the reliability and consistency of the clicks data. In addition, different evaluation criteria are used to evaluate and compare the performance of the proposed CNN-BiLSTM-RF with the ensemble and standalone models. The experimental results indicate that our ensemble architecture achieved the accuracy of 99.19 ± 0.08%, precision 99.89 ± 0.03%, sensitivity 98.50 ± 0.11%, F1-score 99.19 ± 0.08% and specificity 99.89 ± 0- 03%. Furthermore, our proposed architecture produced superior results compared to other developed ensemble and conventional models. Moreover, our proposed ensemble architecture can be used as a safeguard against click fraud for pay-per-click advertising to facilitate industries for the safe and reliable promotion of their products.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bo Wang,Fan Wu,Guihai Chen

DOI: https://doi.org/10.1007/978-981-10-8890-2_12

2017-01-01

Abstract:With the widespread use of mobile devices, mobile online advertising is taking more and more market share. Cost per click and cost per view are the most popular pricing modes in mobile internet advertising, which take effective clicks or displaying duration as the charging basis. However, at the same time, ad fraud, which uses illegal and invalid clicks to fraud advertisers in order to obtain unreasonable income, become a serious problem. Most of the previous studies on click fraud in website focused on network traffic data analysis. This makes them cannot solve the placement fraud problem, which use invalid placement to mislead user to click on it in mobile apps. In this paper, we propose a joint crowdsourcing and data analyzing based placement click fraud detection system. For the characteristic of placement fraud in mobile apps, automatic processing cannot cover every possible fraud. To overcome this, our report system provides a platform to find all possible placement fraud through crowdsourcing. Report system has three main services: a monitor service for monitoring user’s call; a layout service for recording the screen; a data service for recording the backend data. Because the placement fraud only appears when users use the apps, the report system based on crowdsourcing can cover every possible placement fraud. We implement our system in 10 tablets with 500 apps to evaluate its effectiveness. Experiment result shows that our approach can record enough data to analysis which app has placement fraud. What’s more, our system can figure out some special placement fraud which pop ads when user is using other apps. This placement fraud cannot be solved through automatic method in previous studies.

Zheng-yang QIAN,Yong SHI,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1673-629X.2015.10.030

2015-01-01

Abstract:Clickjacking is a new type of Web attack in recent years. It uses transparent or overlapping interfaces spoofing user clicks. With the development and popularization of Mobile Internet,such attack appears on the mobile platforms,and is more harmful and indetect-able. In this paper,based on summarizing the traditional Clickjacking attack on the web,research the theories in depth on Android,mainly analyze Tapjacking and WebView-based Clickjacking. Because the traditional Clickjacking has certain limitations such as X-FRAME-OPTIONS and Frame Busting code,cannot effectively defense Android Clickjacking attack,in this paper study several defense way a-gainst Clickjacking,which can slow down the dangers of this kind of attack to a certain extent.

Gabriele Tolomei,Mounia Lalmas,Ayman Farahat,Andrew Haines

DOI: https://doi.org/10.1007/s41060-018-0122-1

2018-04-04

Abstract:In the cost per click (CPC) pricing model, an advertiser pays an ad network only when a user clicks on an ad; in turn, the ad network gives a share of that revenue to the publisher where the ad was impressed. Still, advertisers may be unsatisfied with ad networks charging them for "valueless" clicks, or so-called accidental clicks. [...] Charging advertisers for such clicks is detrimental in the long term as the advertiser may decide to run their campaigns on other ad networks. In addition, machine-learned click models trained to predict which ad will bring the highest revenue may overestimate an ad click-through rate, and as a consequence negatively impacting revenue for both the ad network and the publisher. In this work, we propose a data-driven method to detect accidental clicks from the perspective of the ad network. We collect observations of time spent by users on a large set of ad landing pages - i.e., dwell time. We notice that the majority of per-ad distributions of dwell time fit to a mixture of distributions, where each component may correspond to a particular type of clicks, the first one being accidental. We then estimate dwell time thresholds of accidental clicks from that component. Using our method to identify accidental clicks, we then propose a technique that smoothly discounts the advertiser's cost of accidental clicks at billing time. Experiments conducted on a large dataset of ads served on Yahoo mobile apps confirm that our thresholds are stable over time, and revenue loss in the short term is marginal. We also compare the performance of an existing machine-learned click model trained on all ad clicks with that of the same model trained only on non-accidental clicks. There, we observe an increase in both ad click-through rate (+3.9%) and revenue (+0.2%) on ads served by the Yahoo Gemini network when using the latter. [...]

Applications,Machine Learning