Vacha Dave Saikat Guha and Yin Zhang University of California San Diego Microsoft Research India The University of Texas at Austin Internet Advertising Today ID: 570044
Download Presentation The PPT/PDF document "catching click-spam in search ad Network..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
catching click-spam in search ad Networks
Vacha Dave
+
, Saikat Guha
★
and Yin Zhang *
+
University of California, San Diego
★
Microsoft Research
India
* The University of Texas at Austin
Slide2
Internet Advertising Today
2
Online advertising is a
40
billion dollar industry *Advertisers can reach a massive audiencePublishers can monetize trafficBlogs, News sites, Syndicated search enginesRevenue for content developmentPay-per-click advertising
*Based on Interactive Advertising Bureau Report, a consortium of Online Ad Networks Slide3
Pay-per-click advertising
3
Publisher
JS
Ad networkUser visits a publisher site
Ad
User clicks ad
Ad Content + URL
Ad Request
Advertiser
$10
$7
Advertiser billed
Publishers make 70% cutSlide4
Click-spam in Ad
N
etworks
4
Click-spamFraudulent or invalid clicksUsers delivered to the advertiser site are uninterestedAdvertisers lose moneyAnt-smasherSquish the ant to win the gameAds close to where user is expected to clickAd
Ant Slide5
Evolution of click-spam
5
Ad networks
try to mitigate click-spam
To maintain long time advertiser relationshipsFor fear of PR backlashArms raceClick-spam techniques have also evolvedSlide6
This talk
6
ViceROI: Click-spam mitigation algorithm
Can be
used by ad networkLooks at the financial motivesCatches diverse click-spam attacksLet us begin by looking at an examplesophisticated botnet driven click-fraudSlide7
7
Malware driven click fraud
(BOTID=50018&SEARCH-ENGINE-NAME&q=books)
Base64
Botmaster generates list of publishers
Publisher List
Publisher URL
AD URL
Auto-Redirect
(Fraud)
www.moo.com
Jane
searches
for books
Malware infected PC
Jane clicks on a
search
result
Malware infected PC
User wouldn’t know the malware
was doing click-fraudSlide8
Malware driven click fraud
8
Malware: TDL4
Peculiar behavior:
Can intercept and redirect all browser requestsOnly 1 click per IP address per day Gates clicks on user actionsWhy?Tries to evade possible rules that an ad network haveJavascript – CSS based signaturesIP thresholds Timing analysis – (e.g. when is a user most active)Defending against click-spam is getting hardSlide9
Conversions as a signal
9
Conversions are
desirable actions
On advertiser page: Email sign-up, purchase etc.Conversion tracking is an optional servicePixel on the checkout pageUsing conversion to gauge traffic qualityCost-per-action (CPA) payment modelConversion discounted Cost-per-click (Smart pricing) Discount clicks from publishers that don’t convertSlide10
Conversions being gamed too…
10
Experiment
Bluff
ad Concentrate bad traffic[1] Bluff formGarbage formOver 200 form fillsIn a weekMeansAutomatedHuman assistedCrowd-sourcedBluff Ad
[1]Measuring and fingerprinting click-spam in ad networks, SIGCOMM’12Slide11
Gaming Conversions: Conversion Fraud
11
Click-spammers now
generate conversions
On non-financial advertisersEmail signups, form filling, CAPTCHAsFinancial conversions don’t work eitherStolen credit card can be usedConversions don’t solve the problemNeed to go back to basicsSlide12
Follow the money
12
Click-spammers
exist to make money
Clicks, conversions are only side effectsCan be gamedKey idea: Follow the money trail$$
$
Click
-spammers
need
to pay
to acquire users
Rent-a-bot, install browser plugin
Use
acquired
user aggressivelySlide13
Milking the users: Ad injectors
User searches for ACM membership in search engine
After install,
Acts as a publisher
Inject ads in all websites Slide14
14
Milking the users: Search Hijacking
User has a Search toolbar bundled with browser
Ads
Entire area
clickable
Show ads
for all queries
- InformationalSlide15
Different Attacks: one goal
15
Click-spam
turns profit for spammer
Cost: Rent-a-bot, pay-per-install costRevenue: click payoutClick-spam carries inherent riskArrest - E.g. Operation Ghost click [1] Take downStrategy: use acquired user aggressivelySignature: Extremely high revenue/user for a publisherRegardless of means of click-fraudAs seen by the ad network[1] Seven charged in malware-driven click fraud case, Ars Technica, Nov 2011Ad injectorsSearch hijack
Bot driven
Conversion fraudSlide16
ViceROI : Key Challenges
16
Publisher diversity
Diverse business models
Search engines, blogs, online retailers Different volume scaleBlog sites to large companiesNo single revenue/user numberClick-spammers mix good and bad traffic For covering bad trafficSlide17
User Percentile
Revenue ( log scale )
Ethical Publishers
Click-spammers
ViceROI: Intuition
Several orders
of magnitude
Mixed trafficSlide18
User Percentile
Revenue ( log scale )
Baseline
Click-spam
Expectation region
ViceROI: AlgorithmSlide19
Contributions
19
ViceROI
Single algorithm
to catch diverse click-spam attacksAll four attacks described and othersNo tuning knobsRuns at the ad networkWorks at Internet scalePiloted it at a large ad networkAcross diverse publishers and usersBluff form for catching conversion fraudSlide20
Evaluation
20
Ad data from a large ad network
Three weeks,
millions of clicksThousands of publishersGround truthAd network’s own heuristic Evaluation CriteriaClassifier performance (TP, FP, TN, FN)Compare against existing filtration rulesTypes of attack caughtSlide21
21
Evaluation – TPR vs. FPR
TPR = TP/P , FPR = FP/PSlide22
Diverse attacks caught
22
Bot driven click-fraud
Two different botnets, ZeroAccess and TDL4
Conversion fraud enhanced click-fraudSearch HijackingToolbar basedBrowser basedDNS based Ad injectorsParked domains, Arbitrage and others..Slide23
Summary
23
ViceROI: algorithm to
catch click-fraud
No tuning knobsBased on click-spammers’ high profit motiveTo beat ViceROI, spammer must reduce profitGood classifier performanceCatches a wide variety of attacksMalware-driven, conversion fraud, ad injectors and others..Piloted at a major ad networkSlide24
Thanks!
24Slide25
Comparison against existing rules
25Slide26
Precision-Recall Curve
26Slide27
Effect of low intensity bot traffic
Number of Days Clicked
# Users
Search engine
Click-spammer
Steady Bot trafficSlide28
50%
Current threshold
(auto-tuned from data)
40%
Marked as Click-spam
100%
7
0%
10% Slide29
100x
10x
Current threshold
(auto-tuned from data)
1x
Marked as Click-spamSlide30
Ad revenue spend [IAB quarterly report]
30