Chenhong Cao,Yi Gao,Yang Luo,Mingyuan Xia,Wei Dong,Chun Chen,Xue Liu

DOI: https://doi.org/10.1109/tmc.2020.2966991

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile advertising plays a vital role in the mobile app ecosystem. A major threat to the sustainability of this ecosystem is click fraud, i.e., ad clicks performed by malicious code or automatic bot problems. Existing click fraud detection approaches focus on analyzing the ad requests at the server side. However, such approaches may suffer from high false negatives since the detection can be easily circumvented, e.g., when the clicks are behind proxies or globally distributed. In this paper, we present AdSherlock, an efficient and deployable click fraud detection approach at the client side (inside the application) for mobile apps. AdSherlock splits the computation-intensive operations of click request identification into an offline procedure and an online procedure. In the offline procedure, AdSherlock generates both exact patterns and probabilistic patterns based on URL (Uniform Resource Locator) tokenization. These patterns are used in the online procedure for click request identification and further used for click fraud detection together with an ad request tree model. We implement a prototype of AdSherlock and evaluate its performance using real apps. The online detector is injected into the app executable archive through binary instrumentation. Results show that AdSherlock achieves higher click fraud detection accuracy compared with state of the art, with negligible runtime overhead.

Haitao Xu,Daiping Liu,Aaron Koehl,Haining Wang,Angelos Stavrou

DOI: https://doi.org/10.1007/978-3-319-11212-1_24

2014-01-01

Abstract:Click fraud-malicious clicks at the expense of pay-per-click advertisers-is posing a serious threat to the Internet economy. Although click fraud has attracted much attention from the security community, as the direct victims of click fraud, advertisers still lack effective defense to detect click fraud independently. In this paper, we propose a novel approach for advertisers to detect click frauds and evaluate the return on investment (ROI) of their ad campaigns without the helps from ad networks or publishers. Our key idea is to proactively test if visiting clients are full-fledged modern browsers and passively scrutinize user engagement. In particular, we introduce a new functionality test and develop an extensive characterization of user engagement. Our detection can significantly raise the bar for committing click fraud and is transparent to users. Moreover, our approach requires little effort to be deployed at the advertiser side. To validate the effectiveness of our approach, we implement a prototype and deploy it on a large production website; and then we run 10-day ad campaigns for the website on a major ad network. The experimental results show that our proposed defense is effective in identifying both clickbots and human clickers, while incurring negligible overhead at both the server and client sides.

Congcong Shi,Rui Song,Xinyu Qi,Yubo Song,Bin Xiao,Sanglu Lu

DOI: https://doi.org/10.1109/icc40277.2020.9149420

2020-01-01

Abstract:Advertising income depends on the amount of clicks by users of websites and mobile applications. However, the emergence of click fraud greatly reduces the real benefits of the advertisement. Most existing researches focus on detecting click fraud by analyzing properties and patterns of click data streams, but attackers can construct data that looks legitimate by replaying former data streams. In this paper, we propose a novel system called ClickGuard to detect click fraud attacks. ClickGuard takes advantage of motion sensor signals from mobile devices, since the pattern of motion signals is completely different under real click events and fraud events. To prevent attackers from bypassing the system by faking the time-domain statistical characteristics of original signals, we introduce the MFCC algorithm in feature extraction phase. MFCC algorithm can extract frequency-domain features of original signals in specific frequency bands which are hardly constructed out of thin air. Classifiers are finally constructed using these features and several machine learning algorithms. Experiments show that ClickGuard can achieve the accuracy of 96.71% in general environment and 84.16% when attackers modify the time-domain statistical characteristics of raw data.

Suibin Sun,Le Yu,Xiaokuan Zhang,Minhui Xue,Ren Zhou,Haojin Zhu,Shuang Hao,Xiaodong Lin

DOI: https://doi.org/10.1145/3460120.3484547

2021-01-01

Abstract:Along with gaining popularity of Real-Time Bidding (RTB) based programmatic advertising, the click farm based invalid traffic, which leverages massive real smartphones to carry out large-scale ad fraud campaigns, is becoming one of the major threats against online advertisement. In this study, we take an initial step towards the detection and large-scale measurement of the click farm based invalid traffic. Our study begins with a measurement on the device's features using a real-world labeled dataset, which reveals a series of features distinguishing the fraudulent devices from the benign ones. Based on these features, we develop EvilHunter, a system for detecting fraudulent devices through ad bid request logs with a focus on clustering fraudulent devices. EvilHunter functions by 1) building a classifier to distinguish fraudulent and benign devices; 2) clustering devices based on app usage patterns; and 3) relabeling devices in clusters through majority voting. EvilHunter demonstrates 97% precision and 95% recall on a real-world labeled dataset. By investigating a super click farm, we reveal several cheating strategies that are commonly adopted by fraudulent clusters. We further reduce the overhead of EvilHunter and discuss how to deploy the optimized EvilHunter in a real-world system. We are in partnership with a leading ad verification company to integrate EvilHunter into their industrial platform.

Weibin Li,Qiwei Zhong,Qingyang Zhao,Hongchun Zhang,Xiaonan Meng

DOI: https://doi.org/10.48550/arXiv.2105.03567

IF: 5.414

2021-05-08

Machine Learning

Abstract:Advertising click fraud detection plays one of the vital roles in current E-commerce websites as advertising is an essential component of its business model. It aims at, given a set of corresponding features, e.g., demographic information of users and statistical features of clicks, predicting whether a click is fraudulent or not in the community. Recent efforts attempted to incorporate attributed behavior sequence and heterogeneous network for extracting complex features of users and achieved significant effects on click fraud detection. In this paper, we propose a Multimodal and Contrastive learning network for Click Fraud detection (MCCF). Specifically, motivated by the observations on differences of demographic information, behavior sequences and media relationship between fraudsters and genuine users on E-commerce platform, MCCF jointly utilizes wide and deep features, behavior sequence and heterogeneous network to distill click representations. Moreover, these three modules are integrated by contrastive learning and collaboratively contribute to the final predictions. With the real-world datasets containing 2.54 million clicks on Alibaba platform, we investigate the effectiveness of MCCF. The experimental results show that the proposed approach is able to improve AUC by 7.2% and F1-score by 15.6%, compared with the state-of-the-art methods.

Jianyu Wang,Chunming Wu

DOI: https://doi.org/10.1177/0020294020970213

2020-01-01

Abstract:Given users and products that he/she reviews, can we recognize fake reviews just using the text information, or determine whether a reviewer is a fraud or not? Automatically detecting fake reviews and reviewers is an urgent problem and lots of work attempts for discovering linguistics, behaviors and graph patterns. However, in reality, there are new kinds of fraudsters who can change their behaviors to camouflage as genuine reviewers to avoid detection systems. With the fraudsters become distributed, dynamic, and adversarial, anti-spam tasks face a new challenge. In this paper, we tackle the challenge of adversarial fraudsters in online app review platform and propose a system called DDF (Detect, Defense, and Forecast) to uncover camouflage accounts. Firstly, we select a small set of seed with high-precision based on text and behavior features; Secondly, we build our graph-based detection model for uncovering hidden (distant) users who serve structurally similar to the seed by utilizing Graph Convolutional Network (GCN) algorithm. Thirdly, we evaluate DDF using real-world data set from Tencent APP Store and analyze the potential fraudsters detected by DDF. It is worth mentioning that precision can achieve 0.95+. Finally, we validate the efficiency and scalability of DDF and show that it can be well transferred to other anti-spam tasks.

Qiuyun Lyu,Hao Li,Renjie Zhou,Jilin Zhang,Nailiang Zhao,Yan Liu

DOI: https://doi.org/10.1155/2022/3043489

IF: 1.968

2022-04-29

Security and Communication Networks

Abstract:Online advertising, which depends on consumers’ click, creates revenue for media sites, publishers, and advertisers. However, click fraud by criminals, i.e., the ad is clicked either by malicious machines or hiring people, threatens this advertising system. To solve the problem, many schemes are proposed which are mainly based on machine learning or statistical analysis. Although these schemes mitigate the problem of click fraud, several problems still exist. For example, some fraudulent clicks are still in the wild since their schemes only discover the fraudulent clicks with a probability approaching but not 100%. Also, the process of detecting a click fraud is executed by a single publisher, which makes a chance for the publisher to obtain illegal income by deceiving advertisers and media sites. Besides, the identity privacy of consumers is also exposed because the schemes deal with the plain text of consumers’ real identity. Therefore, in this paper, a blockchain-based click fraud detection and prevention scheme (BCFDPS) for online advertising is proposed to deal with the above problems. Specifically, the BCFDPS mainly introduces bilinear pairing to implicitly verify whether a consumer’s real digital identity is contained in a click message to significantly avoid click fraud and employs a consortium blockchain to ensure the transparency of the detection and prevention process. In our scheme, the clicks by machines or fraud ones by a human can be accurately detected and prevented by media sites, publishers, and advertisers. Furthermore, ciphertext-policy attribute-based encryption is adopted to protect the identity privacy of consumers. The implementation and evaluation results show that compared with the existing click fraud detection and prevention schemes based on machine learning and statistical analysis, BCFDPS achieves detection of each fraudulent click with a probability of 100% and consumes lower computation cost; furthermore, BCFDPS adds functions of consumers’ privacy protection and click fraud detection and prevention, compared to the existing blockchain-based online advertising scheme, by introducing limited communication cost ( 4,984 bytes) at lower storage cost.

computer science, information systems,telecommunications

Tong Zhu,Yan Meng,Haotian Hu,Xiaokuan Zhang,Minhui Xue,Haojin Zhu

DOI: https://doi.org/10.1145/3460120.3484546

2021-09-15

Abstract:Although the use of pay-per-click mechanisms stimulates the prosperity of the mobile advertisement network, fraudulent ad clicks result in huge financial losses for advertisers. Extensive studies identify click fraud according to click/traffic patterns based on dynamic analysis. However, in this study, we identify a novel click fraud, named humanoid attack, which can circumvent existing detection schemes by generating fraudulent clicks with similar patterns to normal clicks. We implement the first tool ClickScanner to detect humanoid attacks on Android apps based on static analysis and variational AutoEncoder (VAE) with limited knowledge of fraudulent examples. We define novel features to characterize the patterns of humanoid attacks in the apps' bytecode level. ClickScanner builds a data dependency graph (DDG) based on static analysis to extract these key features and form a feature vector. We then propose a classification model only trained on benign datasets to overcome the limited knowledge of humanoid attacks. We leverage ClickScanner to conduct the first large-scale measurement on app markets (i.e.,120,000 apps from Google Play and Huawei AppGallery) and reveal several unprecedented phenomena. First, even for the top-rated 20,000 apps, ClickScanner still identifies 157 apps as fraudulent, which shows the prevalence of humanoid attacks. Second, it is observed that the ad SDK-based attack (i.e., the fraudulent codes are in the third-party ad SDKs) is now a dominant attack approach. Third, the manner of attack is notably different across apps of various categories and popularities. Finally, we notice there are several existing variants of the humanoid attack. Additionally, our measurements demonstrate the proposed ClickScanner is accurate and time-efficient (i.e., the detection overhead is only 15.35% of those of existing schemes).

Cryptography and Security

Malak Aljabri,Rami Mustafa A. Mohammad

DOI: https://doi.org/10.1016/j.eij.2023.05.006

IF: 4.195

2023-05-17

Egyptian Informatics Journal

Abstract:Advertising corporations have moved their focus to online and in-App advertisements in response to the expansion of digital technologies and social media. Online advertising represents the primary revenue source for advertising networks that serve as the middlemen between advertisers and advertisement publishers. The advertising networks pay the publisher of the advertisement based on the number of clicks through to advertisers, following the pay-per-click (PPC) payment scheme. However, there is a growing security issue with this payment approach known as Click Fraud. Click fraud is the illegal process of clicking on pay-per-click advertisements to increase publishers' revenue or deplete advertisers' budgets. Artificial intelligence techniques have been increasingly employed to solve complicated challenges in different research areas, including cybersecurity, to achieve unexpected outcomes. In this paper, several Machine Learning models were constructed to establish whether the user is a human or a bot and conducted a comparative performance analysis using a set of evaluation metrics. We used a real captured dataset detailing Internet users' behavior while navigating websites. We extracted a set of features related to users' behaviors, including the number of webpages viewed during the browsing session, the duration of the browsing journey, and the actions performed. The empirical results revealed that all the considered models obtained good results, where the random forest algorithm surpassed all other algorithms in all evaluation metrics.

computer science, information systems, artificial intelligence

Amreen Batool,Yung-Cheol Byun

DOI: https://doi.org/10.1109/access.2022.3211528

IF: 3.9

2022-11-04

IEEE Access

Abstract:With the rapid development of online advertising, click fraud is a serious issue for the internet market. Click fraud is a dishonest attempt to improve a website's profit or deplete an advertiser's budget by clicking on pay-per-click advertisements. For an extended period, this illegal act has a threat to the industrial sectors. As a result, these businesses hesitate to advertise their items on mobile apps and websites, as numerous groups attempt to take advantage of themes. To safely advertise their services and products online, a robust mechanism is needed for efficient click fraud detection. To tackle this issue, an ensemble architecture of machine learning and deep learning is proposed to detect click fraud in online advertisement campaigns. The proposed ensemble architecture consists of a Convolutional Neural Network (CNN), and a Bidirectional Long Short-Term Memory network (BiLSTM) is used to extract hidden features, while the Random Forest (RF) is used for classification. The main objective of the proposed research study is to develop a hybrid DL model for automatic feature extraction from clicks data and then process through an RF classifier into two classes, such as fraudulent and non-fraudulent clicks. Furthermore, a preprocessing module is developed to preprocess data by dealing with categorical attributes and imbalanced data to enhance the reliability and consistency of the clicks data. In addition, different evaluation criteria are used to evaluate and compare the performance of the proposed CNN-BiLSTM-RF with the ensemble and standalone models. The experimental results indicate that our ensemble architecture achieved the accuracy of 99.19 ± 0.08%, precision 99.89 ± 0.03%, sensitivity 98.50 ± 0.11%, F1-score 99.19 ± 0.08% and specificity 99.89 ± 0- 03%. Furthermore, our proposed architecture produced superior results compared to other developed ensemble and conventional models. Moreover, our proposed ensemble architecture can be used as a safeguard against click fraud for pay-per-click advertising to facilitate industries for the safe and reliable promotion of their products.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bin Liu,Suman Nath,Ramesh Govindan,Jie Liu

DOI: https://doi.org/10.5555/2616448.2616455

2014-01-01

Abstract:Ad networks for mobile apps require inspection of the visual layout of their ads to detect certain types of placement frauds. Doing this manually is error prone, and does not scale to the sizes of today's app stores. In this paper, we design a system called DECAF to automatically discover various placement frauds scalably and effectively. DECAF uses automated app navigation, together with optimizations to scan through a large number of visual elements within a limited time. It also includes a framework for efficiently detecting whether ads within an app violate an extensible set of rules that govern ad placement and display. We have implemented DECAF for Windows-based mobile platforms, and applied it to 1,150 tablet apps and 50,000 phone apps in order to characterize the prevalence of ad frauds. DECAF has been used by the ad fraud team in Microsoft and has helped find many instances of ad frauds.

Shishir Nagaraja,Ryan Shah

DOI: https://doi.org/10.48550/arXiv.1903.00733

2019-03-02

Cryptography and Security

Abstract:Advertising is a primary means for revenue generation for millions of websites and smartphone apps (publishers). Naturally, a fraction of publishers abuse the ad-network to systematically defraud advertisers of their money. Defenses have matured to overcome some forms of click fraud but are inadequate against the threat of organic click fraud attacks. Malware detection systems including honeypots fail to stop click fraud apps; ad-network filters are better but measurement studies have reported that a third of the clicks supplied by ad-networks are fake; collaborations between ad-networks and app stores that bad-lists malicious apps works better still, but fails to prevent criminals from writing fraudulent apps which they monetise until they get banned and start over again. This work develops novel inference techniques that can isolate click fraud attacks using their fundamental properties. In the {\em mimicry defence}, we leverage the observation that organic click fraud involves the re-use of legitimate clicks. Thus we can isolate fake-clicks by detecting patterns of click-reuse within ad-network clickstreams with historical behaviour serving as a baseline. Second, in {\em bait-click defence}. we leverage the vantage point of an ad-network to inject a pattern of bait clicks into the user's device, to trigger click fraud-apps that are gated on user-behaviour. Our experiments show that the mimicry defence detects around 81\% of fake-clicks in stealthy (low rate) attacks with a false-positive rate of 110110 per hundred thousand clicks. Bait-click defence enables further improvements in detection rates of 95\% and reduction in false-positive rates of between 0 and 30 clicks per million, a substantial improvement over current approaches.

Leyi Song,Xueqing Gong,Xiaofeng He,Rong Zhang,Aoying Zhou

2013-01-01

Abstract:The healthy development of the Internet largely depends on the online advertisement which provides the financial support to the Internet. Click fraud, however, poses serious threat to the Internet ecosystem. It not only brings harm to the advertisers, but also damages the mutual trust between advertiser and ad agency. Click fraud prediction is a typical big data application in that we normally need to identify the malicious clicks from massive click logs, therefore e cient detection methods in big data framework are much desired to combat this fraudulent behavior. In this paper, we propose a three-stage filtering system to attack click fraud. The serialized filters e↵ectively detect the malicious clicks with decreasing confidence that can satisfy both advertisers and content providers.

Feng Dong,Haoyu Wang,Yuanchun Li,Yao Guo,Li,Shaodong Zhang,Guoai Xu

2017-01-01

Abstract:Previous studies on mobile ad fraud detection are limited to detecting certain types of ad fraud (e.g., placement fraud and click fraud). Dynamic interactive ad fraud has never been explored by previous work. In this paper, we propose an explorative study of ad fraud in Android apps. We first created a taxonomy of existing mobile ad fraud. Besides static placement fraud, we also created a new category called dynamic interactive fraud and found three new types of them. Then we propose FrauDroid, a new approach to detect ad fraud based on user interface (UI) state transition graph and networking traffic. To achieve accuracy and scalability, we use an optimized exploration strategy to traverse the UI states that contain ad views, and design a set of heuristic rules to identify kinds of ad fraud. Experiment results show that FrauDroid could achieve a precision of 80.9\% and it is capable of detecting all the 7 types of mobile ad fraud. We then apply FrauDroid to more than 80,000 apps from 21 app markets to study the prevalene of ad fraud. We find that 0.29\% of apps that use ad libraries are identified containing frauds, with 23 ad networks suffering from ad fraud. Our finding also suggests that Dynamic interactive fraud is more prevalent than static placement fraud in real world apps.

Bo Wang,Fan Wu,Guihai Chen

DOI: https://doi.org/10.1007/978-981-10-8890-2_12

2017-01-01

Abstract:With the widespread use of mobile devices, mobile online advertising is taking more and more market share. Cost per click and cost per view are the most popular pricing modes in mobile internet advertising, which take effective clicks or displaying duration as the charging basis. However, at the same time, ad fraud, which uses illegal and invalid clicks to fraud advertisers in order to obtain unreasonable income, become a serious problem. Most of the previous studies on click fraud in website focused on network traffic data analysis. This makes them cannot solve the placement fraud problem, which use invalid placement to mislead user to click on it in mobile apps. In this paper, we propose a joint crowdsourcing and data analyzing based placement click fraud detection system. For the characteristic of placement fraud in mobile apps, automatic processing cannot cover every possible fraud. To overcome this, our report system provides a platform to find all possible placement fraud through crowdsourcing. Report system has three main services: a monitor service for monitoring user’s call; a layout service for recording the screen; a data service for recording the backend data. Because the placement fraud only appears when users use the apps, the report system based on crowdsourcing can cover every possible placement fraud. We implement our system in 10 tablets with 500 apps to evaluate its effectiveness. Experiment result shows that our approach can record enough data to analysis which app has placement fraud. What’s more, our system can figure out some special placement fraud which pop ads when user is using other apps. This placement fraud cannot be solved through automatic method in previous studies.

Gabriele Tolomei,Mounia Lalmas,Ayman Farahat,Andrew Haines

DOI: https://doi.org/10.1007/s41060-018-0122-1

2018-04-04

Abstract:In the cost per click (CPC) pricing model, an advertiser pays an ad network only when a user clicks on an ad; in turn, the ad network gives a share of that revenue to the publisher where the ad was impressed. Still, advertisers may be unsatisfied with ad networks charging them for "valueless" clicks, or so-called accidental clicks. [...] Charging advertisers for such clicks is detrimental in the long term as the advertiser may decide to run their campaigns on other ad networks. In addition, machine-learned click models trained to predict which ad will bring the highest revenue may overestimate an ad click-through rate, and as a consequence negatively impacting revenue for both the ad network and the publisher. In this work, we propose a data-driven method to detect accidental clicks from the perspective of the ad network. We collect observations of time spent by users on a large set of ad landing pages - i.e., dwell time. We notice that the majority of per-ad distributions of dwell time fit to a mixture of distributions, where each component may correspond to a particular type of clicks, the first one being accidental. We then estimate dwell time thresholds of accidental clicks from that component. Using our method to identify accidental clicks, we then propose a technique that smoothly discounts the advertiser's cost of accidental clicks at billing time. Experiments conducted on a large dataset of ads served on Yahoo mobile apps confirm that our thresholds are stable over time, and revenue loss in the short term is marginal. We also compare the performance of an existing machine-learned click model trained on all ad clicks with that of the same model trained only on non-accidental clicks. There, we observe an increase in both ad click-through rate (+3.9%) and revenue (+0.2%) on ads served by the Yahoo Gemini network when using the latter. [...]

Applications,Machine Learning

Tian Tian,Jun Zhu,Fen Xia,Xin Zhuang,Tong Zhang

DOI: https://doi.org/10.1145/2736277.2741136

2015-01-01

Abstract:The rise of crowdsourcing brings new types of malpractices in Internet advertising. One can easily hire web workers through malicious crowdsourcing platforms to attack other advertisers. Such human generated crowd frauds are hard to detect by conventional fraud detection methods. In this paper, we carefully examine the characteristics of the group behaviors of crowd fraud and identify three persistent patterns, which are moderateness, synchronicity and dispersivity. Then we propose an effective crowd fraud detection method for search engine advertising based on these patterns, which consists of a constructing stage, a clustering stage and a filtering stage. At the constructing stage, we remove irrelevant data and reorganize the click logs into a surfer-advertiser inverted list; At the clustering stage, we define the sync-similarity between surfers' click histories and transform the coalition detection to a clustering problem, solved by a nonparametric algorithm; and finally we build a dispersity filter to remove false alarm clusters. The nonparametric nature of our method ensures that we can find an unbounded number of coalitions with nearly no human interaction. We also provide a parallel solution to make the method scalable to Web data and conduct extensive experiments. The empirical results demonstrate that our method is accurate and scalable.

Hamed Haddadi

DOI: https://doi.org/10.48550/arXiv.1002.2353

2010-02-11

Abstract:Online advertising is currently the greatest source of revenue for many Internet giants. The increased number of specialized websites and modern profiling techniques, have all contributed to an explosion of the income of ad brokers from online advertising. The single biggest threat to this growth, is however, click-fraud. Trained botnets and even individuals are hired by click-fraud specialists in order to maximize the revenue of certain users from the ads they publish on their websites, or to launch an attack between competing businesses. In this note we wish to raise the awareness of the networking research community on potential research areas within this emerging field. As an example strategy, we present Bluff ads; a class of ads that join forces in order to increase the effort level for click-fraud spammers. Bluff ads are either targeted ads, with irrelevant display text, or highly relevant display text, with irrelevant targeting information. They act as a litmus test for the legitimacy of the individual clicking on the ads. Together with standard threshold-based methods, fake ads help to decrease click-fraud levels.

Cryptography and Security

Wang Jianyu,Wu Chunming,Ji Shouling,Gu Qinchen,Li Zhao

DOI: https://doi.org/10.1145/3145511.3145514

2017-01-01

Abstract:Research on advertisement has mainly focused on how to accurately predict the click-through rate (CTR). Much less is known about fraud detection and malicious behavior defense. Previous studies usually use statistics, design threshold and manually make strategies, which cannot find potential fraud behavior effectively and suffer from new attacks. In this paper, we make the first step to understand the type of malicious activities on large-scale online advertising platforms. By analyzing each feature comprehensively, we propose a novel coding approach to transform nominal attributes into numeric while maintaining the most effective information of the original data for fraud detection. Next, we code important features such as IP and cookie in our dataset and train machine learning methods to detect fraud traffic automatically. Experimental results on real datasets demonstrate that the proposed fraud detection method performs well considering both the accuracy and efficiency. Finally, we conclude how to design a defense system by considering which methods could be used for the anti-spam gaming in the future.