'Viceroi' algorithm improves detection of click fraud

Researchers have found a better way to pick out bad clicks by looking at per-user ad revenue

A group of researchers have devised an algorithm they say could help advertising networks better detect fraudulent clicks.

Fraudsters have developed sophisticated ways to perpetrate click fraud, which involves using various methods to generate fake clicks on advertisements, defrauding advertisers. Digital marketing revenues are rapidly growing and exceeded US$36 billion in 2012 in the U.S., according to the Interactive Advertising Bureau.

Advertising networks are secretive about the technologies they use to stop click spam. Often, it involves filtering out attacks, such as if thousands of clicks on an advertisement are coming from a single IP address. But defensive moves still miss attacks, wasting advertisers' money.

The researchers' algorithm, called Viceroi, is free and can be used by advertising networks. Viceroi looks for publishers who have abnormally high per-user revenues, which may be an indication of fraud. For their experiment, Viceroi was tested with a major ad network, flagging several hundred publishers as suspects out of tens of thousands, according to their research paper.

Vacha Dave, a post-doctoral researcher at the University of California at San Diego and co-author of the paper, said in interview Thursday that per-user revenue rates at some publishers were way higher than those collected by Google or Microsoft.

Viceroi works because of the economics of click spam. In one variation of the fraud, a click spammer may pay someone else a per-install fee to distribute a dodgy search toolbar designed to direct people to their advertisements.

The toolbar's search results page is stuffed with advertisements since the click spammer wants to exploit the user as much as possible before the tool is uninstalled. But the rising per-user revenue on a publisher's site would be spotted by Viceroi.

To beat Viceroi, the "click spammers must reduce their per-user revenue to that of an ethical publisher. At which point, without the economic incentive to offset the risk of getting caught, the net effect is a disincentive to commit click spam," the paper said.

Not all publishers are necessarily at fault if they have abnormally high per-user revenues. There is a lot of traffic brokering on the Internet, and it is often hard to tell where user traffic originated from, said Saikat Guha of Microsoft Research India, who co-authored the paper. Advertising networks learn from Viceroi which publishers to investigate.

"Some of the publishers are definitely being take advantage of," Guha said. "Our job is to help them find the bad traffic."

The research paper, also authored by Yin Zhang of the University of Texas at Austin, will be presented at the ACM Conference on Computer and Communications Security in Berlin, which will be held Nov. 4-8.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesno companysecurityinternet

More about GoogleInteractiveInteractive Advertising BureauMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place