No Please, After You: Detecting Fraud in Affiliate Marketing Networks Peter Snyder and Chris Kanich University of Illinois at Chicago Chicago, Illinois, USA {psnyde2,ckanich}@uic.edu ABSTRACT Online affiliate marketing is a commercial system in which an online retailer attempts to increase traffic to their site— Cookie stuffing is an activity which allows unscrupulous and hopefully their sales—by compensating third parties to actors online to defraud affiliate marketing programs by promote the retailer’s goods and services. Many large online causing themselves to receive credit for purchases made by businesses run affiliate marketing programs, with some of web users, even if the affiliate marketer did not actively the largest run by Amazon.com[9], GoDaddy[4], eBay[7] and perform any marketing for the affiliate program. Using two WalMart[22]. months of HTTP request logs from a large public university, As with any type of commerce, dishonest parties try to we present an empirical study of fraud in affiliate marketing subvert the initial intent of the market for person gain. Affil- programs. First, we develop an efficient, decision-tree based iate marketing fraud occurs when a dishonest party hacks technique for detecting cookie-stuffing in HTTP request logs. a website, leaves a spam comment, or simply adds some code Our technique replicates domain-informed human labeling of to an unrelated page which causes visitors to also visit the the same data with 93.3% accuracy. Second, we find that over fraudster’s affiliate link. Online retailers then pay the most one-third of publishers in affiliate marketing programs use recent affiliate for generating any successive sales, even if fraudulent cookie-stuffing techniques in an attempt to claim the user was completely unaware of loading the fraudster’s credit from online retailers for illicit referrals. However, most affiliate link. This fraud has the potential not only to provide realized conversions are credited to honest publishers. Finally, substantial revenue to the fraudster, but can also cause the we present a stake holder analysis of affiliate marketing fraud affiliate program to pay a commission when no legitimate and find that the costs and rewards of affiliate marketing advertising was happening. program are spread across all parties involved in affiliate Most damaging, however would be the effect on the revenue marketing programs. model itself: because only the most recent affiliate gets credited for each sale, sufficiently successful attackers could Categories and Subject Descriptors reduce the revenue for legitimate affiliate advertisers so much that the entire business model no longer works, putting both J.m [ Computer Applications ]: Miscellaneous those free sites out of business and further limiting the ways in ; K.4.4 [ Computers and Society ]: Electronic Commerce which free content can be subsidized online. Understanding the technical methods that these attackers use, as well as Keywords how damaging they actually are to the business model, is key to understanding the full effects of affiliate marketing web security; cybercrime; economics of cybercrime fraud. In the course of investigating this phenomenon, this paper General Terms makes three contributions. First, we describe an automated technique for detecting affiliate marketing fraud based on an- affiliate marketing fraud, cookie-stuffing alyzing HTTP request headers with approximately 93.3% ac- curacy. Second, we provide measurements of how frequently 1. INTRODUCTION affiliate marketing fraud occurs relative to valid affiliate mar- Despite the size of the online display advertising market, keting activities. And third, we provide an analysis of the there are still alternative revenue opportunities for free-to- costs and benefits of affiliate marketing fraud, and find that access web services. Along with models like freemium and the benefits and costs of affiliate marketing fraud are spread crowdfunding, affiliate advertising is a prevalent method among all parties involved in affiliate marketing programs. of creating revenue for a free website. As with any online revenue generation scheme, there are opportunities for bad 2. RELATED WORK actors on the Internet to defraud affiliate networks for what is potentially a substantial sum. What we don’t yet under- Our work exists alongside a wealth of research into the stand, however, is how prevalent, successful, or damaging role of cybercrime and fraud in online economic activity. To this fraud is. Understanding its effect on the market can name several examples, Dave et al. [6] developed a successful inform technical solutions to the problem as well as provide method for detecting click-fraud in advertising networks by motivation for how many resources should be committed to looking for publishers who deviate from an expected baseline finding solutions. profit-per-user. Clayton and Mansfield[3] investigated the
Recommend
More recommend
