fingerprinting click spam in
play

FINGERPRINTING CLICK-SPAM IN AD NETWORKS Vacha Dave *, Saikat Guha - PowerPoint PPT Presentation

Mar 20, 2023 •216 likes •712 views

MEASURING AND FINGERPRINTING CLICK-SPAM IN AD NETWORKS Vacha Dave *, Saikat Guha and Yin Zhang * * The University of Texas at Austin Microsoft Research India Internet Advertising Today 2 Online advertising is a 31 billion dollar

  1. MEASURING AND FINGERPRINTING CLICK-SPAM IN AD NETWORKS Vacha Dave *, Saikat Guha ★ and Yin Zhang * * The University of Texas at Austin ★ Microsoft Research India

  2. Internet Advertising Today 2  Online advertising is a 31 billion dollar industry *  Publishers can monetize traffic  Blogs, News sites, Syndicated search engines  Revenue for content development  Pay-per-click advertising  Advertisers pay per-click to ad networks  Publishers make a 70% cut on each click on their site *Based on Interactive Advertising Bureau Report, a consortium of Online Ad Networks

  3. Click-spam in Ad Networks 3  Click-spam  Fraudulent or invalid clicks  Users delivered to the advertiser site are uninterested  Advertisers lose money  Possible Motives  Malicious advertisers (or other parties)  Deplete competitor’s ad budgets  Isolated cases  Publishers/Syndicated search engines  Make money on every click that happens on their site

  4. Mobile Devices and Ads 4  Mobile game  Squish the ant to win the game  Ads placed close to where user is expected to click Ant Ad

  5. Click-spam Detection 5  No ground truth  Almost impossible to know if particular click is genuine  Need to guess the intent of user  Different levels of click-spam in different segments  Aggregate numbers are meaningless  Ad networks aren’t transparent  Security by obscurity  Real problem – lot of work needed  Researchers lack real attack data

  6. Contributions  First method to independently estimate click-spam  As an advertiser  For specific keywords  Test across ten ad networks  Search, contextual, social and mobile ad networks  Show that click-spam is a problem  For Mobile and Social ad networks  Discover five classes of sophisticated attacks  Why simple heuristics don’t work  Release data for researchers

  7. Estimating click-spam – Approach 7  Hard to classify any single click  Estimate fraction of click-spam  Designed Bayesian estimation framework  Uses only advertiser-measurable quantities  Cancel out unmeasurable quantities  By relating different mixes of good and bad traffic

  8. Estimating Click-spam – Main Idea How many ? Equate ratios of buyers to non-spammers Both non-spammers and A fraction of non-spammers spammers click ads buy ? Black box Lose spammers and some Some non-spammers buy Both non-spammers and non-spammers spammers click ads

  9. Dissecting Black box – Hurdles Hurdle Some spammers and Spammers and non-spammers Extra click required to view Non-spammers see the click on an ad site content  Different hurdles have different hardness  5 sec wait, Click to continue  Send only a fraction of traffic through hurdles  To minimize impact on user experience  Perfect hurdle would block all spam 9  In reality, some spammers get through (False Negatives)

  10. Dissecting Black box - Bluff Ads[1]  Bluff Ads  Junk ad text with normal keywords, same targeting  Normal users unlikely to click Bluff Normal 10 [1] Fighting online click fraud using bluff ads [CCR 2010]

  11. Dissecting Black box - Bluff Ads[1]  Bluff Ads  Junk ad text with normal keywords, same targeting  Normal users unlikely to click Hurdle Spammers and curious Some spammers and users click on an ad users may see the 11 content [1] Fighting online click fraud using bluff ads [CCR 2010]

  12. Dissecting Black box - Bluff Ads[1]  Maximum False Negative rate known for each hurdle  Can be subtracted out Hurdle Spammers and curious Some spammers and users click on an ad users may see the 12 content [1] Fighting online click fraud using bluff ads [CCR 2010]

  13. Testing Ad Networks 13  Sign up as advertisers for ten ad networks  Search, Contextual, Mobile and Social  Google, Bing, AdMob, InMobi, Facebook and others  240 Ads  Keywords: Celebrity, Yoga, Lawnmower  Hurdles: Click to continue, 5 sec wait  50,000 Clicks  30,000 bluff ad clicks  Cost: $1500

  14. Uh-oh. How do we validate? 14 No ground truth! Compare against search ads on Google and Bing

  15. Results – Validation using search ads 15 Ad Network’s Estimate  Our Estimate Valid Traffic Fraction (Normalized) 1.25 celebrity yoga Fraction valid (norm.) lawnmower 1 0.75 0.5 0.25 0 A B C Ad Networks Clicks charged are close to the estimated valid clicks

  16. Results – Estimating Mobile Spam 16 Ad Network’s Estimate  Our Estimate 1 Valid Traffic Fraction (Normalized) Fraction valid (norm.) 0.75 0.5 0.25 0 A B C D Most mobile ad networks fail to fight click-spam

  17. Results – Estimating Contextual Spam 17 Ad Network’s Estimate  Our Estimate Valid Traffic Fraction (Normalized) celebrity 1.25 yoga Fraction valid (norm.) lawnmower 1 0.75 0.5 0.25 0 A B C All networks seem to be underestimating the amount of spam

  18. Where is click-spam coming from? 18  Analyze bluff ad clicks  Publishers: Strong motive  Instead of clicks/users  Manual Investigation  Challenge: Scale  3000+ publishers, 30,000 Clicks  Identical sites!  Cluster on cosine similarity  Feature vector  WHOIS , IP Address/Subnet, HTTP parameters

  19. 19

  20. 20

  21. 21

  22. 22

  23. Case Study 1 - Malware driven click fraud Malware infected PC (BOTID=50018&SEARCH-ENGINE-NAME&q=books) Base64 Jane searches for books Malware infected PC Publisher List Botmaster generates list of publishers Jane clicks on a www.moo.com search result Publisher URL Auto-Redirect All background traffic – Jane sees nothing (Fraud) AD URL 23

  24. Case Study 1 - Malware driven Click fraud 24  Responsible Malware: TDL4  Validation: Run malware in VM  Can intercept and redirect all browser requests  Browser specific filtering doesn’t work  Only 1 click per IP address per day  Threshold based filtering doesn’t work  Mimics real user behavior  Timing analysis doesn’t work

  25. ClickSpam and Arbitrage 25  Polished forum sites  Bluff ad clicks on ad network X  No malware reports  Not popular Copied  Where do they get traffic?  No ads on the site !!

  26. Click-spam and Arbitrage 26  Advertiser on network Y  Creates 4500+ ads Ads  Publisher on network X  Page now has only ads  No questions or answers  Confusing users into clicks

  27. Click-spam and Arbitrage 27 Site pays $ to Y Site earns $$$$ from X  Tricking real users into clicking Ads  Bot detection techniques don’t apply

  28. Case Study3 - Click Fraud using Parked Domains Go to icicibank.com Jane mistypes icicbank.com in her browser and presses enter Parked Domain Auto-Redirect Auto-Redirect (Fraud) AD URL Jane ends up on icicibank.com icicibank.com pays for a 28 click

  29. Case Study3 - Click Fraud using Parked Domains 29  41of 400 parked domains hosted on a single IP  Misspellings of common websites:  icicbank.com, nsdi.com   Auto- redirect depends on Jane’s geo -location  IP hosts 500,000 such domains  User mistypes a URL  Advertiser must pay!  User behavior indistinguishable from normal traffic  Naively using conversions don’t work

  30. Case Study 4 – Mobile click-spam 30  Indian Mobile ad network  Supplies WAP Ads to a group of WAP porn sites  Ad links indistinguishable from porn video links  Gaming apps  Place ads close to where users are expected to click  Ant-Smasher, Milk-the-Cow, and 50 others

  31. 31

  32. 32

  33. 33

  34. 34

  35. 35

  36. 36

  37. 37

  38. 38

  39. Summary  Click-spam remains a problem  First way of estimating click-spam Independently  As an advertiser, for a set of keywords  Extensive validation  Sophisticated click-spam attacks today  Sybil sites  Malware mimics user behavior  Social engineering attacks and others  Dataset is available for download  All clicks (minimally sanitized)  http://www.cs.utexas.edu/~vacha/sigcomm12-clickspam.tar.gz

  40. Thanks! 40 Data at: http://www.cs.utexas.edu/~vacha/sigcomm12-clickspam.tar.gz

  41. Dwell Time for Mobile Ad Networks 41 1 0.8 0.6 CDF 0.4 A 0.2 D B C 0 0s 2s 4s 6s 8s 10s

  42. Dwell Time for Reputable Search Networks 42 1 0.9 0.8 0.7 0.6 CDF 0.5 0.4 0.3 0.2 Search Network A Search Network B 0.1 0 50 100 150 200 Dwell Time(s)

  43. Conversion Definitions 43 1 5s dwell, 1 mouse ev 15s dwell, 5 mouse ev Fraction gold-standard 0.8 30s dwell, 15 mouse ev 0.6 0.4 0.2 0 Original Control

  44. Advertiser’s Webserver Logs 44 HTTP Referer Header identifies the publisher or syndicator: dotellall.com Network layer attributes Application layer attributes IP : 208.94.146.81 URI : results.php IP Subnet: 208.94.146.0/24 URL parameters: “ uvx =“ Domain Owner: Domains By Proxy, LLC Style sheet Domain Registrar: GODADDY.COM, LLC Font Registration Date: 07-sep-1999 Hosting provider: NTT America, Inc

  45. Mechanics of a click 45 Jane Searches Generates the For Books Results Page With Ads Ad Impression Redirects Jane to Jane Sees the Ad Advertiser Site And Clicks it Ad Click

  46. Malware chain of redirects 46

  47. It’s acceptable to omit “www” in a website name Incredibly hard to detect spam traffic, because of similar domain names 47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL & BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
Go to the JOIN-US page and click on the Orange button Choose your membership type and click NEXT

Go to the JOIN-US page and click on the Orange button Choose your membership type and click NEXT

Go to the JOIN-US page and click on the Orange button Choose your membership type and click NEXT Fill in your email and the anti-spam code then NEXT Enter your details. You must agree the privacy policy and state whether you wish other members

273 views • 4 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of

Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of

Spamalytics Steve Johnson Wednesday, February 23, 2011 Introduction What percentage of people click on spam? How profitable is spam? Answer these questions for a better understanding of how to stop spam But how to answer them?

259 views • 24 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF

CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF

CO 447 | LEC6 BLOCKCHAIN SECURITY Dr. Benjamin Livshits Stateless Fingerprinting 2 EFF Fingerprinting Tester https://panopticlick.eff.org 3 Panopticlick Testing 4 IE Brave Fingerprinting Components 5

1.28k views • 78 slides
spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian Developer since 2003 Listmaster Alioth Admin Maintainer of packages like iproute, icinga, nagios and a lot of other useless stu ff

219 views • 20 slides
Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting

Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting

Acoustic Fingerprinting Soundz Jake Runzer June 28, 2018 Jake Runzer Acoustic Fingerprinting June 28, 2018 1 / 35 Outline What is Acoustic Fingerprinting 1 Fingerprinting for Music Identification 2 Spectrograms 3 History 4 My

743 views • 35 slides
Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin

Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin

Exploring Linguistic Features for Web Spam Detection A Preliminary Study Jakub Piskorski 1 Marcin Sydow 2 Dawid Weiss 3 1 Joint Research Centre of the European Commission, Ispra, Italy 2 Web Mining Lab, Polish-Japanese Institute of Information

259 views • 24 slides
Spamming Botnets: Signatures and Characteristics

Spamming Botnets: Signatures and Characteristics

Spamming Botnets: Signatures and Characteristics

396 views • 18 slides
Web Search Basics Introduction to Information Retrieval INF 141/ CS 121 Donald J. Patterson

Web Search Basics Introduction to Information Retrieval INF 141/ CS 121 Donald J. Patterson

Web Search Basics Introduction to Information Retrieval INF 141/ CS 121 Donald J. Patterson Content adapted from Hinrich Schtze http://www.informationretrieval.org Overview Overview Introduction Classic Information Retrieval Web

493 views • 28 slides
+ Collective Spammer Detection in Evolving Multi-Relational Social Networks Shobeir Fakhraei

+ Collective Spammer Detection in Evolving Multi-Relational Social Networks Shobeir Fakhraei

+ Collective Spammer Detection in Evolving Multi-Relational Social Networks Shobeir Fakhraei (University of Maryland) James Foulds (University of California, Santa Cruz) Madhusudana Shashanka (if(we) Inc., Currently Niara Inc.) Lise Getoor

803 views • 65 slides
Bias, Fairness, Accountability, and Transparency in Machine Learning CS 115 Computing for the

Bias, Fairness, Accountability, and Transparency in Machine Learning CS 115 Computing for the

Bias, Fairness, Accountability, and Transparency in Machine Learning CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements Adjustment to deadline schedule Assignment 5 due Tuesday Project milestone 4 due

845 views • 22 slides
Email Spam and the Ethics of An3spam measures Behrooz

Email Spam and the Ethics of An3spam measures Behrooz

Email Spam and the Ethics of An3spam measures Behrooz Sangchoolie Chalmers PhD Course in Ethics and Philosophy of Compu3ng 2015 What is an

383 views • 23 slides
Exploring Python Bytecode @AnjanaVakil EuroPython 2016 Hi! Im Anjana, and Im a Pythoholic

Exploring Python Bytecode @AnjanaVakil EuroPython 2016 Hi! Im Anjana, and Im a Pythoholic

Exploring Python Bytecode @AnjanaVakil EuroPython 2016 Hi! Im Anjana, and Im a Pythoholic The Recurse Center a Python puzzle... 1 # outside_fn.py 1 # inside_fn.py 2 for i in range(10**8): 2 def run_loop(): 3 i 3 for i in

488 views • 36 slides
CIS4930/5930: Machine Learning Introduction to ML Alan Kuhnle Florida State University Slides

CIS4930/5930: Machine Learning Introduction to ML Alan Kuhnle Florida State University Slides

CIS4930/5930: Machine Learning Introduction to ML Alan Kuhnle Florida State University Slides adapted from Mehryar Mohri This Lecture Basic definitions and concepts x Introduction to the problem of learning Probability tools

462 views • 20 slides

More recommend