Click Fraud Detection on the Advertiser Side

  • Haitao Xu
  • Daiping Liu
  • Aaron Koehl
  • Haining Wang
  • Angelos Stavrou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)


Click fraud—malicious clicks at the expense of pay-per-click advertisers—is posing a serious threat to the Internet economy. Although click fraud has attracted much attention from the security community, as the direct victims of click fraud, advertisers still lack effective defense to detect click fraud independently. In this paper, we propose a novel approach for advertisers to detect click frauds and evaluate the return on investment (ROI) of their ad campaigns without the helps from ad networks or publishers. Our key idea is to proactively test if visiting clients are full-fledged modern browsers and passively scrutinize user engagement. In particular, we introduce a new functionality test and develop an extensive characterization of user engagement. Our detection can significantly raise the bar for committing click fraud and is transparent to users. Moreover, our approach requires little effort to be deployed at the advertiser side. To validate the effectiveness of our approach, we implement a prototype and deploy it on a large production website; and then we run 10-day ad campaigns for the website on a major ad network. The experimental results show that our proposed defense is effective in identifying both clickbots and human clickers, while incurring negligible overhead at both the server and client sides.


Click Fraud Online Advertising Feature Detection 


  1. 1.
  2. 2.
  3. 3.
    Daswani, N., Stoppelman, M.: The anatomy of clickbot.a. In: Proceedings of the Workshop on Hot Topics in Understanding Botnets (2007)Google Scholar
  4. 4.
    Dave, V., Guha, S., Zhang, Y.: Measuring and fingerprinting click-spam in ad networks. In: Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication (2012)Google Scholar
  5. 5.
    Miller, B., Pearce, P., Grier, C., Kreibich, C., Paxson, V.: What’s clicking what? techniques and innovations of today’s clickbots. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol. 6739, pp. 164–183. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Alrwais, S.A., Dun, C.W., Gupta, M., Gerber, A., Spatscheck, O., Osterweil, E.: Dissecting ghost clicks: Ad fraud via misdirected human clicks. In: Proceedings of the Annual Computer Security Applications Conference (2012)Google Scholar
  7. 7.
    Li, Z., Zhang, K., Xie, Y., Yu, F., Wang, X.: Knowing your enemy: Understanding and detecting malicious web advertising. In: Proceedings of the ACM Conference on Computer and Communications Security (2012)Google Scholar
  8. 8.
    Metwally, A.: Sleuth: Single-publisher attack detection using correlation hunting. In: Proceedings of the International Conference on Very Large Data Bases (2008)Google Scholar
  9. 9.
    Metwally, A.: Detectives: Detecting coalition hit inflation attacks in advertising networks streams. In: Proceedings of the International Conference on World Wide Web (2007)Google Scholar
  10. 10.
    Metwally, A., Agrawal, D., Abbadi, A.E.: Duplicate detection in click streams. In: Proceedings of the International Conference on World Wide Web (2005)Google Scholar
  11. 11.
    Haddadi, H.: Fighting online click-fraud using bluff ads. In: ACM SIGCOMM Computer Communication Review (2010)Google Scholar
  12. 12.
    Daswani, N., Mysen, C., Rao, V., Weis, S., Gharachorloo, K., Ghosemajumder, S.: Online advertising fraud. In: Crimeware: Understanding New Attacks and Defenses. Addison-Wesley Professional (2008)Google Scholar
  13. 13.
  14. 14.
  15. 15.
  16. 16.
    Dave, V., Guha, S., Zhang, Y.: Viceroi: Catching click-spam in search ad networks. In: Proceedings of ACM Conference on Computer and Communications Security (2013)Google Scholar
  17. 17.
  18. 18.
  19. 19.
  20. 20.
  21. 21.
    Quinlan, J.: C4.5: Programs for machine learning. Morgan Kaufmann Publishers (1993)Google Scholar
  22. 22.
  23. 23.
    Eckersley, P.: How unique is your web browser? In: Proceedings of the Privacy Enhancing Technologies Symposium (2010)Google Scholar
  24. 24.
    Yen, T.-F., Huang, X., Monrose, F., Reiter, M.K.: Browser fingerprinting from coarse traffic summaries: Techniques and implications. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 157–175. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Schulte, B., Andrianakis, H., Sun, K., Stavrou, A.: Netgator: Malware detection using program interactive challenges. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 164–183. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Haitao Xu
    • 1
  • Daiping Liu
    • 1
  • Aaron Koehl
    • 1
  • Haining Wang
    • 1
  • Angelos Stavrou
    • 2
  1. 1.College of William and MaryWilliamsburgUSA
  2. 2.George Mason UniversityFairfaxUSA

Personalised recommendations