Security Games in Online Advertising: Can Ads Help Secure the Web?

Some ISPs are trying to become part of the online advertising market. Such ISPs either: (i) cooperate with online advertising entities (e.g., ad networks) by providing users’ private information to achieve better ad targeting in exchange for a share of the revenue, or (ii) modify the ad traffic on-the-fly such that they divert part of the online advertising revenue for themselves. This is a very important issue because online advertising is at the core of today’s business model and it fuels many “free” applications and services. We study this behavior using game theory to model the interactions between ISPs and ad networks, and we analyze the effects on the Web caused by ISPs taking part in online advertising. Our results show that if the users’ private information can improve ad targeting significantly and if ad networks do not have to pay a high share of revenue to the ISPs, ad networks and ISPs will cooperate to jointly provide targeted online ads. Otherwise, ISPs will divert part of the online ad revenue for themselves. In that case, if the diverted revenue is small, ad networks will not react. However, if their revenue loss is significant, the ad networks will invest into improving the security of the Web and protecting their ad revenue.

[1]  Neil Daswani,et al.  The Anatomy of Clickbot.A , 2007, HotBots.

[2]  Markus Jakobsson,et al.  Badvertisements: Stealthy Click-Fraud with Unwitting Accessories , 2006, J. Digit. Forensic Pract..

[3]  Jean C. Walrand,et al.  Competitive Cyber-Insurance and Internet Security , 2009, WEIS.

[4]  Hector Garcia-Molina,et al.  Should Ad Networks Bother Fighting Click Fraud? (Yes, They Should.) , 2008 .

[5]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[6]  Tadayoshi Kohno,et al.  Detecting In-Flight Page Changes with Web Tripwires , 2008, NSDI.

[7]  Jon Crowcroft,et al.  Net neutrality: the technical side of the debate: a white paper , 2007, CCRV.

[8]  Lawrence A. Gordon,et al.  A framework for using insurance for cyber-risk management , 2003, Commun. ACM.

[9]  Balachander Krishnamurthy,et al.  Cat and mouse: content delivery tradeoffs in web access , 2006, WWW '06.

[10]  Benjamin Edelman,et al.  Deterring Online Advertising Fraud through Optimal Payment in Arrears , 2009, Financial Cryptography.

[11]  United Kingdom Parliament,et al.  Anti-Terrorism, Crime and Security Act 2001 , 2001, The United Kingdom's Legal Responses to Terrorism.

[12]  Marc Lelarge,et al.  Economic Incentives to Increase Security in the Internet: The Case for Insurance , 2009, IEEE INFOCOM 2009.

[13]  Julien Freudiger,et al.  Securing Online Advertising , 2008 .

[14]  Andrew B. Whinston,et al.  An economic mechanism for better Internet security , 2008, Decis. Support Syst..

[15]  J. Prins Directive 2003/98/EC of the European Parliament and of the Council , 2006 .

[16]  Rainer Böhme,et al.  Cyber-Insurance Revisited , 2005, WEIS.

[17]  Benjamin Edelman Securing Online Advertising: Rustlers and Sheriffs in the New Wild West , 2008 .

[18]  M. Dufwenberg Game theory. , 2011, Wiley interdisciplinary reviews. Cognitive science.