Research on false clicks of Android ads Madfraud a detection system

madfraud:investigting Ad fraud in Android applications

This paper focuses on the fake clicks of ads on Android phones. and an automatic monitoring system was made.

Ad fraud types of bogus clicks

Fraudulent AD behaviors

1 Requesfng ads While the app was in the background

2 Clicking on ads without user In-teracfon. (lucrative)

2.1 Generate a touch event on the ad

2.2 Extract the click URL, and then make a HTTP request to the click URL

Methods of HowTo Detect monitoring

Three Steps

1. Building HTTP Request Trees
2. Classify ad request pages using machine learning

3. Finding Impressions and Clicks

System environment, experimental method

Similar to black box testing

1, run 130,339 apps, run on Android virtual machine

2, just open, do not interoperate with the app (defect)

3, let the app run in the foreground for 60 seconds, then run in the background for 60 seconds

4, packet capture analysis of virtual machine's network data

Building HTTP Request Trees

Node

HTML page is the root

STAFC Resources is the children.

Three Rule

1. referrer field URL > requested URL

2. Locafon header URL > redirected URL

3. Response Body URLs > all the URLs

Request Trees

The requested page, along with the returned page, returns the link contained in the page. Make up the request tree above.

Classify ad request pages using machine learning

Features Classification of important attributes

Features from three sources:

1. From query parameters

2. From Request trees

3. From HTTP headers

1, from query parameters Www.qumiAd.com?id=123&type=1&Fme=12:00&locaFon .....

2. From Request trees
Node Height,subtree height,number of children .....

3. From HTTP headers
Length of Requests,length of replies

Classification criteria

manually acquired top-level domain-------- ARQ (AD requests)

Other requests-------- NARQ (not ad requests)

Classification accuracy rate such as

The data set of Narq is relatively large, and the smote is used to deal with it.

Survey results

1,background Impressions

91,784 in 12,421 Apps
Is it an ad provider or a developer behavior?

2, click fraud59 in Apps

  All the detected clicks are bogus clicks, and the author makes a manual check on the fake clicks and further studies the bogus clicks.

Finding Impressions and Clicks

Reselling

Resale, this when there is an opportunity on the mobile phone, if there is no suitable ads on the platform, to notify other advertising providers, if more than one advertiser response, you need to bid. Bid high bidder.

Aggregation platform. Let each ad platform bid. (......)

System defects

1, some apps do not appear on the homepage ads, may need to open other pages

2, advertising platform monitoring for virtual machine run, refused to push ads

3, all the experimental requests are on a static IP, may be blocked by the server

-----------------------------------------------------------

System value, for thousands of impressions of the click conversion rate is generally around 3, if you can remove false clicks of 30%, conversion rate can be increased to 0.3%/0.7 = 0.42% increased by 1.2. have commercial value.

Learn about the relationship between mobile advertising, the ecology, advertisers, advertising platforms, and developers. Three are cooperation, trust, there are conflicts, deception. Ad fraud is a manifestation. This system can detect a part of the fake app, but for the advertising platform for developers to deceive, such as reducing the actual display clicks, such a system can promote fairness between the three, there is also the value of research. At the same time, advertisers also need third-party supervision between the advertising platform.

-----------------------------------------------------------

"1" J. Crussell, R. Stevens, H. Chen, "madfraud:investigating ad fraud in Android Applications", Proceedings of AC M Mobisys,.

Research on false clicks of Android ads Madfraud a detection system