Hit inflation attack: Difference between revisions
m Date/fix the maintenance tags using AWB |
m sp: a original→an original |
||
Line 2: | Line 2: | ||
'''Hit Inflation Attack''' is a kind of fraudulent skill used by some advertisement publishers' to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites. It is more sophisticated and hard to detect than simple [[Inflation Attack]] |
'''Hit Inflation Attack''' is a kind of fraudulent skill used by some advertisement publishers' to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites. It is more sophisticated and hard to detect than simple [[Inflation Attack]] |
||
This process involves the collaboration of two counterparts, a dishonest publisher, ''P'', and a dishonest Web Site ''S''. Wedpages on ''S'' have a script that redirects the customer to publisher ''P's'' website, and this process is hidden from the customer. So, when User ''U'' retrieves a page on ''S'' site, which would simulate a click or request to pages on ''P'' site. At ''P's'' side, it has two kinds of webpages: a manipulated version, and |
This process involves the collaboration of two counterparts, a dishonest publisher, ''P'', and a dishonest Web Site ''S''. Wedpages on ''S'' have a script that redirects the customer to publisher ''P's'' website, and this process is hidden from the customer. So, when User ''U'' retrieves a page on ''S'' site, which would simulate a click or request to pages on ''P'' site. At ''P's'' side, it has two kinds of webpages: a manipulated version, and an original version. The manipulated version will simulates a click or request to the advertisement, causing publisher ''P'' to be credited for the click-through. ''P'' selectively determines whether to load the manipulated and thus fraudulent script to the Users' browser by checking if it was from web site ''S''. And this can be done through the Referer field, that specifies the site from which the link to ''P'' was obtained. All requests from ''S'' will be loaded the manipulated script, and thus the automatic and hidden request be sent. |
||
This attack will silently convert every innocent visit to ''S'' to a click on the advertisement in ''P''’s page. Even worse, ''P'' have collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of ''P'', the non-fraudulent page will be displayed, and thus ''P'' cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exist, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible. |
This attack will silently convert every innocent visit to ''S'' to a click on the advertisement in ''P''’s page. Even worse, ''P'' have collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of ''P'', the non-fraudulent page will be displayed, and thus ''P'' cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exist, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible. |
Revision as of 20:19, 12 January 2007
Hit Inflation Attack is a kind of fraudulent skill used by some advertisement publishers' to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites. It is more sophisticated and hard to detect than simple Inflation Attack
This process involves the collaboration of two counterparts, a dishonest publisher, P, and a dishonest Web Site S. Wedpages on S have a script that redirects the customer to publisher P's website, and this process is hidden from the customer. So, when User U retrieves a page on S site, which would simulate a click or request to pages on P site. At P's side, it has two kinds of webpages: a manipulated version, and an original version. The manipulated version will simulates a click or request to the advertisement, causing publisher P to be credited for the click-through. P selectively determines whether to load the manipulated and thus fraudulent script to the Users' browser by checking if it was from web site S. And this can be done through the Referer field, that specifies the site from which the link to P was obtained. All requests from S will be loaded the manipulated script, and thus the automatic and hidden request be sent.
This attack will silently convert every innocent visit to S to a click on the advertisement in P’s page. Even worse, P have collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of P, the non-fraudulent page will be displayed, and thus P cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exist, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible.
This hit inflation attack scenario was described in [http://www.unizh.ch/home/mazzo/reports/www8conf/2149/pdf/pd1.pdf%7C1, and in [http://www.cs.ucsb.edu/research/trcs/docs/2005-13.pdf%7C2, a proper way by using association rules to find this fraud is discussed
References
[http://www.unizh.ch/home/mazzo/reports/www8conf/2149/pdf/pd1.pdf%7C1V. Anupam, A. Mayer, K. Nissim, B. Pinkas, and M. Reiter. On the Security of Pay-Per-Click and OtherWeb Advertising Schemes. In Proceedings of the 8th WWW International World Wide Web Conference, pages 1091–1100, 1999.
[http://www.cs.ucsb.edu/research/trcs/docs/2005-13.pdf%7C2A. Metwally, D. Agrawal, and A. El Abbadi. Efficient Computation of Frequent and Top-k Elements in Data Streams. In Proceedings of the 10th ICDT International Conference on Database Theory, pages 398–412, 2005. An extended version appeared as a University of California, Santa Barbara, Department of Computer Sciemce, technical report 2005-23.