Measuring and Fingerprinting Click-Spam in Ad Networks

Vacha Dave, Saikat Guha, and Yin Zhang

Proceedings of the ACM Special Interest Group on Data Communication (SIGCOMM) 2012.

View PDF or BibTeX.

Security, Networking

Advertising plays a vital role in supporting free websites and smart- phone apps. Click-spam, i.e., fraudulent or invalid clicks on online ads where the user has no actual interest in the advertiserís site, results in advertising revenue being misappropriated by click spammers. While ad networks take active measures to block click spam today, the effectiveness of these measures is largely unknown. Moreover, advertisers and third parties have no way of independently estimating or defending against click-spam. In this paper, we take the first systematic look at click-spam. We propose the first methodology for advertisers to independently measure click-spam rates on their ads. We also develop an automated methodology for ad networks to proactively detect different simultaneous click-spam attacks. We validate both methodologies using data from major ad networks. We then conduct a large-scale measurement study of click-spam across ten major ad networks and four types of ads. In the process, we identify and perform in-depth analysis on seven ongoing click-spam attacks not blocked by major ad networks at the time of this writing. Our findings highlight the severity of the click-spam problem, especially for mobile ads.