Jump to content

Hit inflation attack: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Lydia546 (talk | contribs)
Create new page
 
Lydia546 (talk | contribs)
No edit summary
Line 12: Line 12:


== References ==
== References ==
----
[1]V. Anupam, A. Mayer, K. Nissim, B. Pinkas, and M. Reiter. On
[1]V. Anupam, A. Mayer, K. Nissim, B. Pinkas, and M. Reiter. On
the Security of Pay-Per-Click and OtherWeb Advertising Schemes.
the Security of Pay-Per-Click and OtherWeb Advertising Schemes.
In Proceedings of the 8th WWW International World Wide Web
In Proceedings of the 8th WWW International World Wide Web
Conference, pages 1091–1100, 1999.
Conference, pages 1091–1100, 1999.

[2]A. Metwally, D. Agrawal, and A. El Abbadi. Efficient Computation
[2]A. Metwally, D. Agrawal, and A. El Abbadi. Efficient Computation
of Frequent and Top-k Elements in Data Streams. In Proceedings
of Frequent and Top-k Elements in Data Streams. In Proceedings

Revision as of 09:44, 31 October 2006

Hit Inflation Attack is a kind of fraudulent skill used by some advertisement publishers' to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites.

This process involves the collaboration of two counterparts, a dishonest publisher, P, and a dishonest Web Site S. Wedpages on S have a script that redirects the customer to publisher P's website, and this process is hidden from the customer. So, when User U retrieves a page on S site, which would simulate a click or request to pages on P site. At P's side, it has two kinds of webpages: a manipulated version, and a original version. The manipulated version will simulates a click or request to the advertisement, causing publisher P to be credited for the click-through. P selectively determines whether to load the manipulated and thus fraudulent script to the Users' browser by checking if it was from web site S. And this can be done through the Referer field, that specifies the site from which the link to P was obtained. All requests from S will be loaded the manipulated script, and thus the automatic and hidden request be sent.

This attack will silently convert every innocent visit to S to a click on the advertisement in P’s page. Even worse, P have collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of P, the non-fraudulent page will be displayed, and thus P cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exist, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible.

This hit inflation attack scenario was described in [1], and in [2], a proper way by using association rules to find this fraud is discussed

The click-through-rate of a publisher is the number of customers who click advertisements on the publisher’s Web page, as a ratio of all the customers who visit the Web page.

References

[1]V. Anupam, A. Mayer, K. Nissim, B. Pinkas, and M. Reiter. On the Security of Pay-Per-Click and OtherWeb Advertising Schemes. In Proceedings of the 8th WWW International World Wide Web Conference, pages 1091–1100, 1999.

[2]A. Metwally, D. Agrawal, and A. El Abbadi. Efficient Computation of Frequent and Top-k Elements in Data Streams. In Proceedings of the 10th ICDT International Conference on Database Theory, pages 398–412, 2005. An extended version appeared as a University of California, Santa Barbara, Department of Computer Sciemce, technical report 2005-23.