Understanding the Detection of View Fraud in Video Content Portals

While substantial effort has been devoted to understand fraudulent activity in traditional online advertising (search and banner), more recent forms such as video ads have received little attention. The understanding and identification of fraudulent activity (i.e., fake views) in video ads for advertisers, is complicated as they rely exclusively on the detection mechanisms deployed by video hosting portals. In this context, the development of independent tools able to monitor and audit the fidelity of these systems are missing today and needed by both industry and regulators. In this paper we present a first set of tools to serve this purpose. Using our tools, we evaluate the performance of the audit systems of five major online video portals. Our results reveal that YouTube's detection system significantly outperforms all the others. Despite this, a systematic evaluation indicates that it may still be susceptible to simple attacks. Furthermore, we find that YouTube penalizes its videos' public and monetized view counters differently, the former being more aggressive. This means that views identified as fake and discounted from the public view counter are still monetized. We speculate that even though YouTube's policy puts in lots of effort to compensate users after an attack is discovered, this practice places the burden of the risk on the advertisers, who pay to get their ads displayed.

[1]  Ali Firdaus SQUID PROXY SERVER , 2014 .

[2]  Christopher Krügel,et al.  Understanding fraudulent activities in online ad exchanges , 2011, IMC '11.

[3]  Gianluca Stringhini,et al.  BOTMAGNIFIER: Locating Spambots on the Internet , 2011, USENIX Security Symposium.

[4]  Divyakant Agrawal,et al.  Detectives: detecting coalition hit inflation attacks in advertising networks streams , 2007, WWW '07.

[5]  Gianluca Stringhini,et al.  The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape , 2014, AsiaCCS.

[6]  Vern Paxson,et al.  Ad Injection at Scale: Assessing Deceptive Advertisement Modifications , 2015, 2015 IEEE Symposium on Security and Privacy.

[7]  Joseph B. Kadane,et al.  Using uncleanliness to predict future botnet addresses , 2007, IMC '07.

[8]  Marco Mellia,et al.  YouTube everywhere: impact of device and infrastructure synergies on user experience , 2011, IMC '11.

[9]  Konstantin Beznosov,et al.  The socialbot network: when bots socialize for fame and money , 2011, ACSAC '11.

[10]  Edward W. Felten,et al.  Cookies That Give You Away: The Surveillance Implications of Web Tracking , 2015, WWW.

[11]  Paul Barford,et al.  Spatial-Temporal Characteristics of Internet Malicious Sources , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[12]  Katerina J. Argyraki,et al.  Optimal Source-Based Filtering of Malicious Traffic , 2012, IEEE/ACM Transactions on Networking.

[13]  Dawn Xiaodong Song,et al.  Tracking Dynamic Sources of Malicious Activity at Internet Scale , 2009, NIPS.

[14]  Arturo Azcorra,et al.  TorrentGuard: Stopping scam and malware distribution in the BitTorrent ecosystem , 2014, Comput. Networks.

[15]  David E. Culler,et al.  PlanetLab: an overlay testbed for broad-coverage services , 2003, CCRV.

[16]  Yipeng Zhou,et al.  Analysis and Detection of Fake Views in Online Video Services , 2015, ACM Trans. Multim. Comput. Commun. Appl..

[17]  Kotagiri Ramamohanarao,et al.  Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring , 2004, NETWORKING.

[18]  Vern Paxson,et al.  What's Clicking What? Techniques and Innovations of Today's Clickbots , 2011, DIMVA.

[19]  Chris Kanich,et al.  No Please, After You: Detecting Fraud in Affiliate Marketing Networks , 2015, WEIS.

[20]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM.

[21]  Stuart Staniford-Chen,et al.  Practical Automated Detection of Stealthy Portscans , 2002, J. Comput. Secur..

[22]  Geoff Hulten,et al.  Spamming botnets: signatures and characteristics , 2008, SIGCOMM '08.

[23]  Kyumin Lee,et al.  Uncovering social spammers: social honeypots + machine learning , 2010, SIGIR.

[24]  Guanhua Yan,et al.  On the impact of social botnets for spam distribution and digital-influence manipulation , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[25]  Wenke Lee,et al.  Your Online Interests: Pwned! A Pollution Attack Against Targeted Advertising , 2014, CCS.

[26]  Yipeng Zhou,et al.  Fake View Analytics in Online Video Services , 2013, NOSSDAV.

[27]  Marc Dacier,et al.  A strategic analysis of spam botnets operations , 2011, CEAS '11.

[28]  David M. Nicol,et al.  The Koobface botnet and the rise of social malware , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[29]  Minas Gjoka,et al.  Practical Recommendations on Crawling Online Social Networks , 2011, IEEE Journal on Selected Areas in Communications.

[30]  Arturo Azcorra,et al.  Understanding the Detection of View Fraud in Video Content Portals , 2016, WWW.

[31]  Leyla Bilge,et al.  Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis , 2012, ACSAC '12.

[32]  Fang Yu,et al.  Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.

[33]  Brian Rexroad,et al.  Wide-Scale Botnet Detection and Characterization , 2007, HotBots.

[34]  Reza Rejaie,et al.  Unveiling the Incentives for Content Publishing in Popular BitTorrent Portals , 2013, IEEE/ACM Transactions on Networking.

[35]  Yin Zhang,et al.  Measuring and fingerprinting click-spam in ad networks , 2012, CCRV.

[36]  Leyla Bilge,et al.  All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[37]  Yin Zhang,et al.  ViceROI: catching click-spam in search ad networks , 2013, CCS.

[38]  Ramesh K. Sitaraman,et al.  Understanding the effectiveness of video ads: a measurement study , 2013, Internet Measurement Conference.