Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Digital Fraud
What’s all the fuss about?
1
Fraudulent Impressions:
Source: Integral Ad Science based on ~80 bn impressions/month
Total Advertising: 14%
In 2013 over ...
Fraud: Why Does It Take Place?
Simple economics: Supply and Demand
3
3
1.  Supply and Demand
2. Poorly defined success
met...
4
4
Back To The Basics
Digital Fraud Dictionary
Click fraud noun ˈklik frȯd imitation of legitimate click-through events
o...
Hacker:
Sex: Male
Age:18-35
Location: Eastern
Europe, Asia
Background: Good
computer skills
5
5
Who Are The Participants?
...
6
6
How Does It Work?
Follow the bot
Once upon a time Joe Schmo turned on his computer and installed a cleanup software.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe
didn’t even know about it!
7...
communicating with a botnet center.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, ...
communicating with a botnet center.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, ...
communicating with a botnet center.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, ...
communicating with a botnet center.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, ...
communicating with a botnet center.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, ...
1
3
13
Heat Map
See the action
Live Demonstration
What does it look like?
14
1
5
15
So What Can We Do About It?
Fighting Back
Policing – FBI or private companies
Pros: Bringing the criminals to justi...
1
6
16
How Is Fraud Detected?
First we look at behavioral patterns
We flag the following non-human signals:
Cookies that a...
1
7
17
So Who Is To Blame?
Innocent bystanders:
Legitimate advertisers
and publishers
Guilty:
Botnet operators
Those who k...
1
8
18
How Is The Industry Dealing With Fraud?
Proactive
Passive
Pretend the problem
doesn’t exist
Knowingly or unknowingl...
1
9
19
The Integral Ad Science Solution
Proactively Block Fraud
Benefits:
–  Proactively block fraud before the ad is serv...
20
Upcoming SlideShare
Loading in …5
×

Integral Ad Science Digital Ad Fraud Presentation

8,007 views

Published on

An overview into a prevalent and rapidly increasing problem in the digital advertising space. What is Digital Fraud?

Published in: Technology

Integral Ad Science Digital Ad Fraud Presentation

  1. 1. Digital Fraud What’s all the fuss about? 1
  2. 2. Fraudulent Impressions: Source: Integral Ad Science based on ~80 bn impressions/month Total Advertising: 14% In 2013 over $6 billion dollars were pocketed by fraudsters! An Advertising Industry Epidemic: Everyone is affected Exchanges: 13% Networks: 15% Publisher Direct: 2%
  3. 3. Fraud: Why Does It Take Place? Simple economics: Supply and Demand 3 3 1.  Supply and Demand 2. Poorly defined success metrics: Eyeballs (CPM) Action taken (CPC, CPA) 3. Because it’s cheap and easy for hackers
  4. 4. 4 4 Back To The Basics Digital Fraud Dictionary Click fraud noun ˈklik frȯd imitation of legitimate click-through events on advertisements with no interest in link target Impression fraud noun ˈim-ˈpre-shəәn frȯd 1. imitation of legitimate impression views with no interest in ad content. 2. Solicitation of impressions with no opportunity to be viewed by a human Bots noun ˈbäts a device or piece of software that can execute commands, reply to messages, or perform routine tasks, or perform routine tasks with minimum human intervention Illegal bots noun (ˌ)i(l)-ˈlē-gəәlˈbäts computers that are compromised and whose security defenses have been breached and control conceded to a third party Botnet: noun ˈbät net a collection of bots communicating with command centers in order to perform tasks Pixel stuffing: noun ˈpik-səәl ˈstəә-fiŋ stuffing an entire ad-supported site into a 1x1 pixel Ad stacking: noun ˈad ˈsta-kiŋ placing multiple ads on top of each other in a single ad placement What fraud is not: •  Web crawlers •  Poor viewability; below the fold •  Collisions •  In-banner, auto- play, muted video
  5. 5. Hacker: Sex: Male Age:18-35 Location: Eastern Europe, Asia Background: Good computer skills 5 5 Who Are The Participants? Profile Botnet Operator: Sex: Male Age: 34+ Location: Eastern Europe Characteristics: Disregard of the law, confident, driven by money Typical Infected Computer Owner: Technologically challenged Owns a dated computer and software Suburban, rural, household without kids Unlikely to own a smart phone/tablet
  6. 6. 6 6 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software.
  7. 7. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 7 7 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software.
  8. 8. communicating with a botnet center. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 8 8 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software. Later that day, unbeknown to Joe, the bot engine started
  9. 9. communicating with a botnet center. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 9 9 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software. Later that day, unbeknown to Joe, the bot engine started Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency.
  10. 10. communicating with a botnet center. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 1 0 10 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software. Later that day, unbeknown to Joe, the bot engine started Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency. performed the script assigned by the botnet center through visiting high value audience sites to profile Joe as an ideal candidate for advertisers. According to instruction, Joe’s bot activated and
  11. 11. communicating with a botnet center. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 1 1 11 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software. Later that day, unbeknown to Joe, the bot engine started Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency. performed the script assigned by the botnet center through visiting high value audience sites to profile Joe as an ideal candidate for advertisers. According to instruction, Joe’s bot activated and The bot was also instructed to go to sites that sell bot traffic that generate millions of fraudulent ads.
  12. 12. communicating with a botnet center. At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! 1 2 12 How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed a cleanup software. Later that day, unbeknown to Joe, the bot engine started Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency. performed the script assigned by the botnet center through visiting high value audience sites to profile Joe as an ideal candidate for advertisers. According to instruction, Joe’s bot activated and The bot was also instructed to go to sites that sell Meanwhile, the botnet operator sat back and counted his money, and Joe…well he didn’t read this story. And they all lived happily ever after. bot traffic that generate millions of fraudulent ads.
  13. 13. 1 3 13 Heat Map See the action
  14. 14. Live Demonstration What does it look like? 14
  15. 15. 1 5 15 So What Can We Do About It? Fighting Back Policing – FBI or private companies Pros: Bringing the criminals to justice Cons: Inefficient and ineffective – every botnet that is shut down is soon replaced by a new one Technology – The only way to cut the flow of cash Black lists – When fraud is detected a site is added to a blacklist Pros: Reactively shuts down supply to fraudsters Cons: Lists are not updated frequently Impression level detection and prevention Pros: Proactively shuts down supply to fraudsters; Detection at the impression level allows for scale Dynamic
  16. 16. 1 6 16 How Is Fraud Detected? First we look at behavioral patterns We flag the following non-human signals: Cookies that are deleted at the end of activity cycle Intense activity Reoccurring activities patterns/levels At this point: some bots are detected, others are able to go undetected Next – we look at each impression •  Signals that are atypical for a human •  Density of page loads •  Density of page visits •  Atypical distribution of browsers •  Browser spoofing •  Conflicting measurement results •  Was the impression traded in a suspicious way Cross-validate all of the above and determine validity of signals and patterns Behavioral Pattern Bot …or not
  17. 17. 1 7 17 So Who Is To Blame? Innocent bystanders: Legitimate advertisers and publishers Guilty: Botnet operators Those who knowingly buy/sell bot traffic
  18. 18. 1 8 18 How Is The Industry Dealing With Fraud? Proactive Passive Pretend the problem doesn’t exist Knowingly or unknowingly buy and sell bot traffic Able to eliminate some of the bot traffic Eliminate all bot trafficAre serious about fraud: •  Use cutting edge technology to vet 100% of inventory Partially address the problem: •  Use a subpar solution •  Run the technology only on part of the inventory
  19. 19. 1 9 19 The Integral Ad Science Solution Proactively Block Fraud Benefits: –  Proactively block fraud before the ad is served –  Dynamic data used to cross reference fraud signals –  Not relying on outdated, rarely updated black lists –  Pre-bid fraud solution prevents bidding on fraudulent inventory
  20. 20. 20

×