FCFraud: Fighting Click-Fraud from the User Side.

Abstract

Pay-Per-Click (PPC) ad networks charge advertisers for every click on their ads. Click-fraud happens when a user or an automated software clicks on an ad with a malicious intent and advertisers need to pay for those valueless clicks. Click-fraud has been proved to be a serious problem for the online advertisement industry. Although it has attracted much attention from the security community, the direct victims of click-fraud, the advertisers, still lack confidence in the click-fraud detection techniques. Among many forms of click-fraud, botnets with the automated clickers are the most severe ones. In this paper, we present a technique for detecting automated clickers from the user side. Normal internet users are victimized by malicious attackers (e.g., bot-master of a botnet) and the attackers infect and use their machines to defraud advertisers. We propose a technique to Fight Click-Fraud, FCFraud, which can be integrated into the operating system. Since most modern operating systems already provide some kind of anti-malware service, our proposed technique can be implemented with a negligible overhead. We believe that an effective protection at the operating system level can save billions of dollars of the advertisers. Experiments show that FCFraud is 99.6% accurate in classifying ad requests from all user processes and it is 100% successful in finding the fraudulent processes.

Publication
In Proceedings of the 16th International Symposium on High Assurance Systems Engineering (HASE), IEEE
Date