Follow the traffic: Stopping click fraud by disrupting the value chain

Advertising fraud, particularly click fraud, is a growing concern for the online advertising industry. The use of click bots, malware that automatically clicks on ads to generate fraudulent traffic, has steadily increased over the last few years. While the security industry has focused on detecting and removing malicious binaries associated with click bots, a better understanding of how fraudsters operate within the ad ecosystem is needed to be able to disrupt that ecosystem efficiently. This paper provides a detailed dissection of the advertising fraud scheme employed by Boaxxe, malware that specializes in click fraud. By monitoring its activities during a 7-month longitudinal study, we were able to create a map of the actors involved in the ecosystem enabling this fraudulent activity. We then applied a Social Network Analysis (SNA) technique to identify the key actors of this ecosystem that could be effectively influenced in order to maximize disruption of click-fraud monetization. The results show that it would be possible to efficiently disrupt the ability of click-fraud traffic to enter the legitimate market by pressuring a limited number of these actors. We assert that this approach would produce better long-term effects than the use of takedowns, as it renders the ecosystem unusable for monetization.
