Chinese
Service Area| About Us| Investigation procedure| Payment| Contact Us|
Attorney Servic|Business Services|Insurance Services|Individual Services|
Company dynamics|Industry news|Detective knowledge|
China Investigation
Service Search

Position:Home > News > Company dynamics >
Ad Fraud Detection Tools and Systems

Most systems from commercial companies for fraud detection follow the similar flows such as Clicklab, Click Defense, and Validclick. They all try to add programs such as Javascript or iframe codes into client computers. Then they track the information fed back by these codes and determine fraudulent clients.

“Are You A Human” (AYAH) Inc. [1] provides a human verification tool to differentiate human generated traffic from bot traffic, so third parties can effectively block the traffic generated by bots. The tool collects and analyzes users’ behavior by putting code on millions of sites. Once a user is verified as a human, information will be added into a “Verified Human Whitelist” and re-verified from day to day. In order to verify genuine human users, a unique feature used by AYAH is a game-based CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) [16]. For example, ATAH CAPTCHA may ask users to select and place eyes or mouths on a carton face. The task is easy, yet fun, for genuine human users, but rather difficult for non-human users, such as bots. While CAPTCHA is an effective way of differentiating human users, recently, research has investigated the possibility of using machine learning and artificial intelligence techniques to crack the CAPTCHA [4], and conclude that its is possible to solve CAPTCHA by using machine learning to attack the segmentation and the recognition problems simultaneously.

DoubleVerify (DV) Inc. [5], DV offers a unified service and performance platform, Pinnacle, which evaluates the quality of each impression delivered and the net result of each quality measure, such as the percentage of viewable impressions, fraud free impressions, brand safe impressions, and in geo targeting impressions etc. This allows DV to offer customized services for all stakeholders in the Ad ecosystem. For advertisers and agencies, DV Pinnacle pinpoints optimization actions to drive the return of investment (ROI) for in-flight campaigns. For publishers and Ad networks, Pinnacle allows optimization of inventory yield by delivering quality traffic to clients. For DSP and Ad exchanges, Pinnacle authenticates the quality of pre-bid decisions with the transparency necessary for quality inventory control. A recent study has shown that DoubleVerify uses extensive cookie-based and fingerprinting-based tracking for impression analysis and validation [6].

Forensiq Inc. [7] provides a fraud detection system working for all stages of Ad campaign, i.e. pre-campaign, in-campaign, and post-campaign. For pre-campaign fraud detection, the system will score each impression to determine the level of risk for this impression within 10 ms before DSP sending out the bid. This kind of pre-bid fraud detection is based on aggregate data and IP reputation from an evolving fraud intelligence database. While the Ad campaign is serving, a forensiq tag, which is a javascript tag inserted into publishers’ websites or ADs, will track the impression and obtain real-time scores. The stage of post-campaign is for reporting after the campaign is running. During this stage, data will be collected and visualized for analyzing the risk score, fraud trends and so on.

Integral Ad Science (IAS) Inc. [13], a media valuation company, was founded in 2009. The main business of the company is to validate the quality of online Ad placements for both media buyers and sellers, by using Ad verification, optimization, and analytics solutions, including massive-scale web page classification using “active testing” [2]. IAS offers a variety of products for marketers, programmatic players, and media sellers, and the company is known for addressing issues around fraud, Ad viewability, brand risk, and true advertising quality (TRAQ). The TRAQ is a unique Ad quality scoring system for buyers and sellers to value media by assessing the following metrics: brand safety, Ad fraud, page content and structure, time viewed, share of view, and Ad clutter among others. From the fraud detection and prevention perspective, IAS uses large scale data analytics and session-based signal analysis to measure and block fraud at the impression level, in real-time.

Moat Inc. [12] was originally an Ad search engine for display advertising which aggregates online advertising information, such as commercial brands, creative, campaigns etc, to support user search [3]. For generic search engines, like Google, they often index the underlying web pages, and strip out the display Ads. Moat, on the other hand, provides an indexing and search mechanisms for online Ads. For example, when typing a keyword, such “Apple”, it will help users search all creative Ad units currently running across the web. As business evolves, Moat is now offering real-time Ad analytics and provides a variety of Ad performance metrics, including viewability assessment, non-human traffic detection, audience characterization, and audience attention and engagement evaluation. These metrics not only validate the Ad impression, but also assess the audience, so both advertisers and publishers know who they are reaching and whether creative delivers interactions and captures the audience’s attention, or results in audience engagement.

ValidClick Inc. [10, 14] develops a real-time click fraud detection system for the affiliate network. The system consists of four parts, i.e. visitors, affiliate web sites, click verification web server, and advertisers. Every time a visitor makes a request on the affiliate web site, the affiliate will make another request to the click verification web server with visitor’s request information, IP address and agent browser information. Then, click verification web server will send visitor’s request information to advertiser and obtain the relative advertisement. Click verification web server will generate and store a verification ID for each advertisement and meanwhile, URL of the advertisement, visitor’s IP address and agent browser information will be stored in click verification web server’s database. Afterwards, the advertisement will be on the affiliate web site through the click verification web server. A client side script provided from click verification web server will be executed on the affiliate web site when certain events are triggered by visitors such as onmouseover event. Thus, verification ID, visitor’s IP address and agent browser information, size of the browser window and name of the web page will be sent and stored in click verification web server’s database. When a visitor clicks the advertisement, the request information along with the URL of the advertisement will be sent to the click verification web server. Information stored in the database will be retrieved according to URL of advertisement. Thereby, based on these information, click verification web server will check the validity of this click by examining rules set up for affiliates. The rules can be checked to see if the browser window is sufficiently large or the IP address is from suspicious countries or regions.

White Ops Inc. [9, 15] proposes a remote control detection system for preventing fraudulent traffic. A remote control can communicate with malware installed on computers of local users and will guide malware to execute commands, e.g. mimic human behavior. This system consists of three stages. By inserting the code snippet into the requested web pages, the first stage is to collect performance metric such as frequency data which refer to the frequency of updating events such as mouse movement movements. Limited by the network bandwidth, remote control agents will cause lower frequency than local users. The second stage is to compare the collected performance metric with characteristics for human activity and remote control activity. Finally, record the result based on the second stage and collect more results by repeating the three stages to form the report for local users and remote controls.

Ad Fraud Detection Systems in Academia

In addition to the commercial industry, Ad fraud detection and prevention has also received significant attentions in academia, with many prototype systems being proposed to fight fraud.

Ge et al. [8] developed a collaborative click fraud detection Ad prevention system (CCFDP). The main advantage of this system is collaboration between server side logs and client side logs. The server side logs includes tracking ID, Client IP, Client User Agent and cookies. Mouse movement such as mouse over and scroll bar movement and clicked link are from client side logs. Three roles are employed in this system, which are (1) Global Fraudulent Database (GFD) for storing both server side and client side logs. (2) Monitored web server for ignoring the request from fraudulent sites. (3) Client computers. The major process of detecting fraud is as follows:
  • Client computers send a request to a website.

  • Monitored web server will check the request first by sending server side logs to GFD. If the score of the request is higher than the default threshold in GFD’s score system, the request will be identified as fraudulent. Then monitored web server will abandon this request.

  • After monitored web server responds to the client computer with tracking program and ID, the program will send the client side logs to GFD continuously for detecting fraud.

In this system, simple tricks are applied to detect action fraud such as repeated clicks for affiliate fraud and the client’s IP from under-developed countries for conversion fraud. For bot and malware fraud, the system will check the mouse movement, page view time and other activities from client side logs and score them respectively. The client with overall score higher than the default threshold will be identified as fraud.

Liu et al. [11] implemented a system called DECAF to efficiently detect placement fraud in mobile apps from app stores. DECAF consists of UI Action channel and UI Extraction channel. UI Action channel employs the Monkey which is an automation tool to trigger actions such as clicking and scrolling. Different Actions will cause different states, i.e. different pages. Then UI Extraction is used to detect fraud based on the structure and content of these pages.


Powered by huaxindc.com Inc.Copyright © 2002-2017 HUAXIN. Detective Agency in China

Address:Xinhua Airlines building.,The East Third Ring Road,Chaoyang District,Beijing,China

Postal code:100071 Tel: +86 153-2191-0511 Email: info@huaxindc.com