Protecting Internet users from becoming victimized attackers of click‐fraud

Abstract

AbstractInternet users are often victimized by malicious attackers. Some attackers infect and use innocent users' machines to launch large‐scale attacks without the users' knowledge. One of such attacks is the click‐fraud attack. Click‐fraud happens in pay‐per‐click ad networks where the ad network charges advertisers for every click on their ads. Click‐fraud has been proved to be a serious problem for the online advertisement industry. In a click‐fraud attack, a user or an automated software clicks on an ad with a malicious intent and advertisers need to pay for those valueless clicks. Among many forms of click‐fraud, botnets with the automated clickers are the most severe ones. In this study, we present a method for detecting automated clickers from the user side. The proposed method to fight click‐fraud, FCFraud, can be integrated into the desktop and smart device operating systems. Since most modern operating systems already provide some kind of antimalware service, our proposed method can be implemented as a part of the service. We believe that an effective protection at the operating system level can save billions of dollars of the advertisers. Experiments show that FCFraud is 99.6% (98.2% in mobile ad library–generated traffic) accurate in classifying ad requests from all user processes and it is 100% successful in detecting clickbots in both desktop and mobile devices. We implement a cloud backend for the FCFraud service to save battery power in mobile devices. The overhead of executing FCFraud is also analyzed and we show that it is reasonable for both the platforms.