Measuring and Fingerprinting Click-spam in Ad Networks

Vacha Dave, Ph.D. Student at the University of Texas at Austin

Abstract

Vacha Dave

Advertising plays a vital role in supporting free websites and smartphone apps. Click-spam, i.e., fraudulent or invalid clicks on online ads where the user has no actual interest in the advertiser’s site, results in advertising revenue being misappropriated by click-spammers. While ad networks take active measures to block click-spam today, the effectiveness of these measures is largely unknown. Moreover, advertisers and third parties have no way of independently estimating or defending against click-spam. In this paper, we take the first systematic look at click-spam. We propose the first methodology for advertisers to independently measure click-spam rates on their ads. We also develop an automated methodology for ad networks to proactively detect different simultaneous click-spam attacks. We validate both methodologies using data from major ad networks. We then conduct a large-scale measurement study of click-spam across ten major ad networks and four types of ads. In the process, we identify and perform in-depth analysis on seven ongoing click-spam attacks not blocked by major ad networks at the time of this writing. Our findings highlight the severity of the click-spam problem, especially for mobile ads.

Bio

Vacha Dave is a Ph.D. student at the University of Texas at Austin. She has looked at the click-spam problem for two years and hates publishers who steal money from mom-and-pop advertisers and is out to clean them up. In a previous incarnation, she has worked in other areas of networks like Social networks and even dabbled a bit in wireless.