This document discusses digital advertising fraud, including the types of fraud, who participates in it, how it works, and how it can be detected and prevented. Some key points:
- Fraud costs the digital advertising industry billions annually through fraudulent impressions and clicks. Various types of fraud include bot traffic, pixel stuffing, and ad stacking.
- Participants include hackers who create botnets, botnet operators based in Eastern Europe, and infected computer owners who are compromised without their knowledge.
- Fraud works by infecting computers with malware that creates bots controlled by botnets. The bots are instructed to generate fraudulent traffic and clicks.
- Detection examines behavioral patterns and signals at the impression level to identify

2. An Advertising Industry Epidemic: Everyone is affected
Fraudulent impressions:
• Total Advertising: 14%
• Exchanges: 13%
• Networks: 15%
• Publisher Direct: 2%
Source: Integral Ad Science based on ~80 bn impressions/month
In 2013, over $6 billion was pocketed by fraudsters!

3. Fraud: Why Does It Take Place?
Simple economics: Supply and Demand
1. Supply and Demand
2. Poorly defined success metrics:
   • Eyeballs (CPM)
   • Action taken (CPC, CPA)
3. Because it’s cheap and easy for hackers

4. Back To The Basics: Digital Fraud Dictionary
• Click fraud (noun, ˈklik frȯd): imitation of legitimate click-through events on advertisements with no interest in link target
• Impression fraud (noun, ˈim-ˈpre-shən frȯd): 1. imitation of legitimate impression views with no interest in ad content. 2. Solicitation of impressions with no opportunity to be viewed by a human
• Bots (noun, ˈbäts): a device or piece of software that can execute commands, reply to messages, or perform routine tasks with minimum human intervention
• Illegal bots (noun, (ˌ)i(l)-ˈlē-gəl ˈbäts): computers that are compromised and whose security defenses have been breached and control conceded to a third party
• Botnet (noun, ˈbät net): a collection of bots communicating with command centers in order to perform tasks
• Pixel stuffing (noun, ˈpik-səl ˈstə-fiŋ): stuffing an entire ad-supported site into a 1x1 pixel
• Ad stacking (noun, ˈad ˈsta-kiŋ): placing multiple ads on top of each other in a single ad placement
What fraud is not:
• Web crawlers
• Poor viewability; below the fold
• Collisions
• In-banner, auto-play, muted video

5. Who Are The Participants? Profile
Hacker:
• Sex: Male
• Age: 18-35
• Location: Eastern Europe, Asia
• Background: Good computer skills
Botnet Operator:
• Sex: Male
• Age: 34+
• Location: Eastern Europe
• Characteristics: Disregard of the law, confident, driven by money
Typical Infected Computer Owner:
• Technologically challenged
• Owns a dated computer and software
• Suburban, rural, household without kids
• Unlikely to own a smart phone/tablet

6. How Does It Work? Follow the bot
Once upon a time Joe Schmo turned on his computer and installed cleanup software.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it!
Later that day, unbeknown to Joe, the bot engine started communicating with a botnet center.
Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency.
According to instruction, Joe’s bot activated and performed the script assigned by the botnet center through visiting high value audience sites to profile Joe as an ideal candidate for advertisers.
The bot was also instructed to go to sites that sell bot traffic that generate millions of fraudulent ads.
Meanwhile, the botnet operator sat back and counted his money, and Joe…well he didn’t read this story. And they all lived happily ever after.

15. So What Can We Do About It? Fighting Back
Policing – FBI or private companies
• Pros: Bringing the criminals to justice
• Cons: Inefficient and ineffective – every botnet that is shut down is soon replaced by a new one
Technology – The only way to cut the flow of cash
Black lists – When fraud is detected a site is added to a blacklist
• Pros: Reactively shuts down supply to fraudsters
• Cons: Lists are not updated frequently
Impression level detection and prevention
• Pros: Proactively shuts down supply to fraudsters; Detection at the impression level allows for scale; Dynamic

16. How Is Fraud Detected?
First we look at behavioral patterns
We flag the following non-human signals:
• Cookies that are deleted at the end of an activity cycle
• Intense activity
• Recurring activity patterns/levels
At this point: some bots are detected, others are able to go undetected
Next – we look at each impression
• Signals that are atypical for a human
• Density of page loads
• Density of page visits
• Atypical distribution of browsers
• Browser spoofing
• Conflicting measurement results
• Whether the impression was traded in a suspicious way
Cross-validate all of the above and determine validity of signals and patterns
[Diagram: Behavioral Pattern → Bot …or not]
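
The two-stage check described on the detection slide, sketched as an added example (not Integral Ad Science's code). The log format, the `js_reported_browser` field (a browser name reported by a client-side measurement tag, compared against the User-Agent) and all thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample impression log (not real data):
# (client_ip, cookie_id, unix_time, ua_browser, js_reported_browser)
LOG = (
    [("10.0.0.5", f"c{i}", 1000 + 2 * i, "Chrome", "Firefox") for i in range(30)]
    + [("10.0.0.9", "joe", t, "Chrome", "Chrome") for t in (1000, 1047, 1180, 1420, 1433)]
)

# Thresholds are illustrative assumptions, not values from the page.
MIN_EVENTS = 5           # do not judge activity rate on fewer events
MAX_LOADS_PER_MIN = 10   # "intense activity" / density of page loads
MIN_INTERVAL_CV = 0.2    # below this, timing is too regular for a human
MAX_COOKIES = 3          # cookies discarded after every activity cycle

def behavioral_flags(events):
    """Stage 1: behavioral patterns over one client's whole event stream."""
    times = sorted(e[2] for e in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    span_min = max((times[-1] - times[0]) / 60, 1 / 60)
    flags = set()
    if len(times) >= MIN_EVENTS and len(times) / span_min > MAX_LOADS_PER_MIN:
        flags.add("intense_activity")
    # Coefficient of variation of inter-arrival gaps: scripts are near-constant.
    if len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < MIN_INTERVAL_CV:
        flags.add("recurring_pattern")
    if len({e[1] for e in events}) > MAX_COOKIES:
        flags.add("cookie_churn")
    return flags

def impression_flags(event):
    """Stage 2: signals visible on a single impression."""
    _, _, _, ua_browser, js_browser = event
    return {"browser_spoofing"} if ua_browser != js_browser else set()

def classify(log, min_signals=2):
    """Cross-validate: call a client a bot only if independent signals agree."""
    by_client = defaultdict(list)
    for event in log:
        by_client[event[0]].append(event)
    verdicts = {}
    for client, events in by_client.items():
        flags = behavioral_flags(events)
        for event in events:
            flags |= impression_flags(event)
        verdicts[client] = ("bot" if len(flags) >= min_signals else "human", sorted(flags))
    return verdicts
```

Requiring at least two agreeing signals is what keeps a single noisy indicator, such as a shared office IP with many cookies, from condemning a client on its own.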

17. So Who Is To Blame?
Innocent bystanders:
• Legitimate advertisers and publishers
Guilty:
• Botnet operators
• Those who knowingly buy/sell bot traffic

18. How Is The Industry Dealing With Fraud?
From passive to proactive:
Passive: Pretend the problem doesn’t exist
• Knowingly or unknowingly buy and sell bot traffic
Partially address the problem:
• Use a subpar solution
• Run the technology only on part of the inventory
• Able to eliminate some of the bot traffic
Proactive: Are serious about fraud:
• Use cutting edge technology to vet 100% of inventory
• Eliminate all bot traffic

19. The Integral Ad Science Solution: Proactively Block Fraud
Benefits:
– Proactively block fraud before the ad is served
– Dynamic data used to cross reference fraud signals
– Not relying on outdated, rarely updated black lists
– Pre-bid fraud solution prevents bidding on fraudulent inventory