Dissecting Click Fraud Autonomy in the Wild

Although pay-per-click mechanisms drive the growth of the mobile advertising ecosystem, fraudulent ad clicks cause huge financial losses for advertisers. Previous studies identify click fraud from click and traffic patterns observed through dynamic analysis. In this study, however, we identify a novel form of click fraud, the humanoid attack, which circumvents existing detection schemes by generating fraudulent clicks whose patterns resemble those of normal clicks. We implement ClickScanner, the first tool that detects humanoid attacks in Android apps using static analysis and variational autoencoders (VAEs), with only limited knowledge of fraudulent examples. We define novel features that characterize the patterns of humanoid attacks at the bytecode level of the apps. ClickScanner builds a data dependency graph (DDG) through static analysis to extract these key features and form a feature vector. We then propose a classification model trained only on benign datasets to overcome the limited knowledge of humanoid attacks. We use ClickScanner to conduct the first large-scale measurement of app markets (120,000 apps from Google Play and Huawei AppGallery) and reveal several previously unreported phenomena. First, even among the 20,000 top-rated apps, ClickScanner identifies 157 as fraudulent, which shows how prevalent humanoid attacks are. Second, the ad SDK-based attack (i.e., the fraudulent code resides in third-party ad SDKs) is now a dominant attack approach. Third, the manner of attack differs notably across app categories and popularity levels. Finally, we observe that several variants of the humanoid attack already exist. Additionally, our measurements demonstrate that ClickScanner is accurate and time-efficient (its detection overhead is only 15.35% of that of existing schemes).
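The benign-only classifier the abstract describes, as an added example that is not the paper's code: a tied-weight linear autoencoder trained by gradient descent stands in for the VAE, the reconstruction error is the anomaly score, and the detection threshold is fitted from benign apps alone. The four feature names and every sample vector are constructed placeholders, not the feature set the paper defines.

```python
import math
import random

# Hypothetical per-app feature vector (constructed): [share of click dispatches
# reachable from a touch handler, share from a timer/random source, ad-view lookups, ad-SDK calls]
BENIGN = [  # legitimate apps: clicks follow touches, ad activity merely scales
    [0.47, 0.00, 0.38, 0.36], [0.57, 0.02, 0.53, 0.45],
    [0.74, 0.00, 0.62, 0.57], [0.85, 0.01, 0.77, 0.66],
    [0.98, 0.00, 0.90, 0.76], [0.91, 0.03, 0.79, 0.71],
    [0.62, 0.00, 0.57, 0.50], [1.06, 0.01, 0.95, 0.85],
]
HUMANOID = [0.10, 0.90, 0.80, 0.70]  # same ad activity, clicks driven by a timer

def train(data, k=1, epochs=300, lr=1.0, seed=0):
    """Fit the feature mean and encoder W (k x d); the decoder is W^T (tied)."""
    d, n = len(data[0]), len(data)
    mean = [sum(x[i] for x in data) / n for i in range(d)]
    rnd = random.Random(seed)
    W = [[rnd.uniform(-0.5, 0.5) for _ in range(d)] for _ in range(k)]
    for _ in range(epochs):  # full-batch gradient descent on 0.5*|W^T W x - x|^2
        grad = [[0.0] * d for _ in range(k)]
        for raw in data:
            x = [a - m for a, m in zip(raw, mean)]
            z = [sum(W[j][i] * x[i] for i in range(d)) for j in range(k)]
            e = [sum(W[j][i] * z[j] for j in range(k)) - x[i] for i in range(d)]
            for j in range(k):
                ez = sum(e[i] * W[j][i] for i in range(d))
                for i in range(d):
                    grad[j][i] += e[i] * z[j] + ez * x[i]
        for j in range(k):
            for i in range(d):
                W[j][i] -= lr * grad[j][i] / n
    return mean, W

def recon_error(model, raw):
    """Distance between an app's vector and its reconstruction via the code z."""
    mean, W = model
    x = [a - m for a, m in zip(raw, mean)]
    z = [sum(w[i] * x[i] for i in range(len(x))) for w in W]
    xh = [sum(w[i] * zj for w, zj in zip(W, z)) for i in range(len(x))]
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(xh, x)))

def threshold(model, benign):
    """Mean + 3 sigma of the benign errors: no fraudulent samples are needed."""
    errs = [recon_error(model, x) for x in benign]
    mu = sum(errs) / len(errs)
    return mu + 3 * math.sqrt(sum((e - mu) ** 2 for e in errs) / len(errs))

def flags_humanoid(model, thr, raw):
    return recon_error(model, raw) > thr
```

An app whose click dispatches are data-dependent on a timer rather than a touch lands far from the benign manifold, so its reconstruction error exceeds the threshold even though the model never saw a fraudulent sample.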
