Understanding the Detection of View Fraud in Video Content Portals

While substantial effort has been devoted to understand fraudulent activity in traditional online advertising (search and banner), more recent forms such as video ads have received little attention. The understanding and identification of fraudulent activity (i.e., fake views) in video ads for advertisers, is complicated as they rely exclusively on the detection mechanisms deployed by video hosting portals. In this context, the development of independent tools able to monitor and audit the fidelity of these systems are missing today and needed by both industry and regulators. In this paper we present a first set of tools to serve this purpose. Using our tools, we evaluate the performance of the audit systems of five major online video portals. Our results reveal that YouTube's detection system significantly outperforms all the others. Despite this, a systematic evaluation indicates that it may still be susceptible to simple attacks. Furthermore, we find that YouTube penalizes its videos' public and monetized view counters differently, the former being more aggressive. This means that views identified as fake and discounted from the public view counter are still monetized. We speculate that even though YouTube's policy puts in lots of effort to compensate users after an attack is discovered, this practice places the burden of the risk on the advertisers, who pay to get their ads displayed.

[1]  Geoff Hulten,et al.  Spamming botnets: signatures and characteristics , 2008, SIGCOMM '08.

[2]  Edward W. Felten,et al.  Cookies That Give You Away: The Surveillance Implications of Web Tracking , 2015, WWW.

[3]  Yipeng Zhou,et al.  Fake View Analytics in Online Video Services , 2013, NOSSDAV.

[4]  Kyumin Lee,et al.  Uncovering social spammers: social honeypots + machine learning , 2010, SIGIR.

[5]  Guanhua Yan,et al.  On the impact of social botnets for spam distribution and digital-influence manipulation , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[6]  Leyla Bilge,et al.  Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis , 2012, ACSAC '12.

[7]  Joseph B. Kadane,et al.  Using uncleanliness to predict future botnet addresses , 2007, IMC '07.

[8]  Marco Mellia,et al.  YouTube everywhere: impact of device and infrastructure synergies on user experience , 2011, IMC '11.

[9]  Marc Dacier,et al.  A strategic analysis of spam botnets operations , 2011, CEAS '11.

[10]  Vern Paxson,et al.  What's Clicking What? Techniques and Innovations of Today's Clickbots , 2011, DIMVA.

[11]  Ali Firdaus SQUID PROXY SERVER , 2014 .

[12]  Yin Zhang,et al.  Measuring and fingerprinting click-spam in ad networks , 2012, CCRV.

[13]  Paul Barford,et al.  Spatial-Temporal Characteristics of Internet Malicious Sources , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[14]  Stuart Staniford-Chen,et al.  Practical Automated Detection of Stealthy Portscans , 2002, J. Comput. Secur..

[15]  Divyakant Agrawal,et al.  Detectives: detecting coalition hit inflation attacks in advertising networks streams , 2007, WWW '07.

[16]  Vern Paxson,et al.  Ad Injection at Scale: Assessing Deceptive Advertisement Modifications , 2015, 2015 IEEE Symposium on Security and Privacy.

[17]  Katerina J. Argyraki,et al.  Optimal Source-Based Filtering of Malicious Traffic , 2012, IEEE/ACM Transactions on Networking.

[18]  Chris Kanich,et al.  No Please, After You: Detecting Fraud in Affiliate Marketing Networks , 2015, WEIS.

[19]  Leyla Bilge,et al.  All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[20]  Gianluca Stringhini,et al.  BOTMAGNIFIER: Locating Spambots on the Internet , 2011, USENIX Security Symposium.

[21]  Minas Gjoka,et al.  Practical Recommendations on Crawling Online Social Networks , 2011, IEEE Journal on Selected Areas in Communications.

[22]  Fang Yu,et al.  Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.

[23]  Wenke Lee,et al.  Your Online Interests: Pwned! A Pollution Attack Against Targeted Advertising , 2014, CCS.

[24]  Brian Rexroad,et al.  Wide-Scale Botnet Detection and Characterization , 2007, HotBots.

[25]  Reza Rejaie,et al.  Unveiling the Incentives for Content Publishing in Popular BitTorrent Portals , 2013, IEEE/ACM Transactions on Networking.

[26]  Christopher Krügel,et al.  Understanding fraudulent activities in online ad exchanges , 2011, IMC '11.

[27]  Konstantin Beznosov,et al.  The socialbot network: when bots socialize for fame and money , 2011, ACSAC '11.

[28]  Yipeng Zhou,et al.  Analysis and Detection of Fake Views in Online Video Services , 2015, ACM Trans. Multim. Comput. Commun. Appl..

[29]  Yin Zhang,et al.  ViceROI: catching click-spam in search ad networks , 2013, CCS.

[30]  Ramesh K. Sitaraman,et al.  Understanding the effectiveness of video ads: a measurement study , 2013, Internet Measurement Conference.

[31]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM.

[32]  David M. Nicol,et al.  The Koobface botnet and the rise of social malware , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[33]  Dawn Xiaodong Song,et al.  Tracking Dynamic Sources of Malicious Activity at Internet Scale , 2009, NIPS.

[34]  Arturo Azcorra,et al.  TorrentGuard: Stopping scam and malware distribution in the BitTorrent ecosystem , 2014, Comput. Networks.

[35]  Gianluca Stringhini,et al.  The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape , 2014, AsiaCCS.

[36]  Kotagiri Ramamohanarao,et al.  Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring , 2004, NETWORKING.

[37]  David E. Culler,et al.  PlanetLab: an overlay testbed for broad-coverage services , 2003, CCRV.