Database Reference
In-Depth Information
14.5.4.4 Performance Results .......................................................... 453
14.5.4.5 IP Size Distributions .......................................................... 453
14.5.4.6 Analysis of a Single Bucket ............................................... 454
14.5.4.7 Performance over Time ...................................................... 455
14.5.4.8 Overlap with Other Blacklists ............................................ 456
14.5.5 Flagging Entities ............................................................................... 456
14.5.5.1 Flagging Entities—System Overview ............................... 457
14.5.5.2 Combining Statistical Methods ......................................... 457
14.5.5.3 Performance Results .......................................................... 458
14.6 Related Work ................................................................................................460
14.6.1 Characterizing the Behavior of IPs ..................................................460
14.6.2 Traffic Anomaly Detection ...............................................................460
14.6.3 Detecting Abusive Click Traffic .......................................................460
14.7 Conclusion .................................................................................................... 461
References .............................................................................................................. 461
14.1 INTRODUCTION
Today, a large number of Internet services such as web search, web mail, maps,
and other web-based applications are highly available and provided free of charge.
Designing, deploying, and maintaining these services is expensive, but is only pos-
sible due to the revenue generated by Internet advertising, an industry that in 2011
generated over $31B [3] in the United States alone.
For the aforementioned reasons, detecting abusive ad clicks is a critical compo-
nent for the well being of numerous Internet services. Abusive click attacks refer
to the fraudulent activity of generating charges for online advertisers without a
real interest in the products advertised. Abusive clicks are the biggest threat to the
Internet advertising industry [9,14].
Generating abusive clicks can be classified into publishers' and advertisers'
attacks. Publishers' attacks use fake traffic in an attempt to increase publishers' rev-
enues from online advertising.* Advertisers' attacks aim at increasing the overall
amount of activities, such as impressions or clicks on competitors' ads. The main
objective here is throttling the competitors' exposure to the market, mainly by
depleting their advertising budgets.
Abusive clicks can be generated in many ways, using different network infra-
structures and levels of sophistication. Figure 14.1 depicts three publishers with
different types of traffic. Ads on the publisher sites thispagemakesmoney.com and
thispagetoo.com receive legitimate traffic, that is, users interested in the ads clicked
on them. Ads on thispagetoo.com also receive fake traffic. For instance, the publisher
may ask friends to repeatedly click on ads displayed on their site. Finally, in a more
sophisticated click attack, publisher iwontmakemoney.com hires a botnet to auto-
matically generate a large volume of fake traffic.
*
We will use the terms “fake,” “abusive,” and “fraudulent” interchangeably.
Search WWH ::
Custom Search