madfraud:investigting Ad fraud in Android applications
This paper focuses on the fake clicks of ads on Android phones. and an automatic monitoring system was made.
Ad fraud types of bogus clicks
Fraudulent AD behaviors
1 Requesfng ads While the app was in the background
2 Clicking on ads without user In-teracfon. (lucrative)
2.1 Generate a touch event on the ad
2.2 Extract the click URL, and then make a HTTP request to the click URL
Methods of HowTo Detect monitoring
Three Steps
1. Building HTTP Request Trees
2. Classify ad request pages using machine learning
3. Finding Impressions and Clicks
System environment, experimental method
Similar to black box testing
1, run 130,339 apps, run on Android virtual machine
2, just open, do not interoperate with the app (defect)
3, let the app run in the foreground for 60 seconds, then run in the background for 60 seconds
4, packet capture analysis of virtual machine's network data
Building HTTP Request Trees
Node
HTML page is the root
STAFC Resources is the children.
Three Rule
1. referrer field URL > requested URL
2. Locafon header URL > redirected URL
3. Response Body URLs > all the URLs
Request Trees
The requested page, along with the returned page, returns the link contained in the page. Make up the request tree above.
Classify ad request pages using machine learning
Features Classification of important attributes
Features from three sources:
1. From query parameters
2. From Request trees
3. From HTTP headers
1, from query parameters Www.qumiAd.com?id=123&type=1&Fme=12:00&locaFon .....
2. From Request trees
Node Height,subtree height,number of children .....
3. From HTTP headers
Length of Requests,length of replies
Classification criteria
manually acquired top-level domain-------- ARQ (AD requests)
Other requests-------- NARQ (not ad requests)
Classification accuracy rate such as
The data set of Narq is relatively large, and the smote is used to deal with it.
Survey results
1,background Impressions
91,784 in 12,421 Apps
Is it an ad provider or a developer behavior?
2, click fraud59 in Apps
All the detected clicks are bogus clicks, and the author makes a manual check on the fake clicks and further studies the bogus clicks.
Finding Impressions and Clicks
Reselling
Resale, this when there is an opportunity on the mobile phone, if there is no suitable ads on the platform, to notify other advertising providers, if more than one advertiser response, you need to bid. Bid high bidder.
Aggregation platform. Let each ad platform bid. (......)
System defects
1, some apps do not appear on the homepage ads, may need to open other pages
2, advertising platform monitoring for virtual machine run, refused to push ads
3, all the experimental requests are on a static IP, may be blocked by the server
-----------------------------------------------------------
System value, for thousands of impressions of the click conversion rate is generally around 3, if you can remove false clicks of 30%, conversion rate can be increased to 0.3%/0.7 = 0.42% increased by 1.2. have commercial value.
Learn about the relationship between mobile advertising, the ecology, advertisers, advertising platforms, and developers. Three are cooperation, trust, there are conflicts, deception. Ad fraud is a manifestation. This system can detect a part of the fake app, but for the advertising platform for developers to deceive, such as reducing the actual display clicks, such a system can promote fairness between the three, there is also the value of research. At the same time, advertisers also need third-party supervision between the advertising platform.
-----------------------------------------------------------
"1" J. Crussell, R. Stevens, H. Chen, "madfraud:investigating ad fraud in Android Applications", Proceedings of AC M Mobisys,.
Research on false clicks of Android ads Madfraud a detection system