Integral Ad Science: Digital Ad Fraud Presentation
DESCRIPTION
An overview of a prevalent and rapidly increasing problem in the digital advertising space. What is Digital Fraud?
TRANSCRIPT
Digital Fraud: What’s all the fuss about?

An Advertising Industry Epidemic: Everyone is affected
Fraudulent Impressions:
• Total Advertising: 14%
• Exchanges: 13%
• Networks: 15%
• Publisher Direct: 2%
Source: Integral Ad Science based on ~80 bn impressions/month
In 2013 over $6 billion was pocketed by fraudsters!

Fraud: Why Does It Take Place?
1. Supply and Demand: simple economics
2. Poorly defined success metrics: eyeballs (CPM), action taken (CPC, CPA)
3. Because it’s cheap and easy for hackers

Back To The Basics: Digital Fraud Dictionary
Click fraud, noun \ˈklik frȯd\: imitation of legitimate click-through events on advertisements with no interest in link target
Impression fraud, noun \ˈim-ˈpre-shən frȯd\: 1. imitation of legitimate impression views with no interest in ad content. 2. solicitation of impressions with no opportunity to be viewed by a human
Bots, noun \ˈbäts\: a device or piece of software that can execute commands, reply to messages, or perform routine tasks with minimum human intervention
Illegal bots, noun \(ˌ)i(l)-ˈlē-gəl ˈbäts\: computers that are compromised and whose security defenses have been breached and control conceded to a third party
Botnet, noun \ˈbät net\: a collection of bots communicating with command centers in order to perform tasks
Pixel stuffing, noun \ˈpik-səl ˈstə-fiŋ\: stuffing an entire ad-supported site into a 1x1 pixel
Ad stacking, noun \ˈad ˈsta-kiŋ\: placing multiple ads on top of each other in a single ad placement
What fraud is not:
• Web crawlers
• Poor viewability; below the fold
• Collisions
• In-banner, auto-play, muted video

Who Are The Participants? Profile
Hacker:
• Sex: Male
• Age: 18-35
• Location: Eastern Europe, Asia
• Background: Good computer skills
Botnet Operator:
• Sex: Male
• Age: 34+
• Location: Eastern Europe
• Characteristics: Disregard of the law, confident, driven by money
Typical Infected Computer Owner:
• Technologically challenged
• Owns a dated computer and software
• Suburban, rural, household without kids
• Unlikely to own a smart phone/tablet

How Does It Work? Follow the bot
Once upon a time Joe Schmo turned on his computer and installed cleanup software.
At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it!
Later that day, unbeknown to Joe, the bot engine started communicating with a botnet center.
Joe’s bot was instructed on which sites to visit, in which sequence and at what frequency.
According to instruction, Joe’s bot activated and performed the script assigned by the botnet center by visiting high value audience sites to profile Joe as an ideal candidate for advertisers.
The bot was also instructed to go to sites that sell bot traffic that generate millions of fraudulent ads.
Meanwhile, the botnet operator sat back and counted his money, and Joe…well he didn’t read this story. And they all lived happily ever after.

Heat Map: See the action
Live Demonstration: What does it look like?

So What Can We Do About It? Fighting Back
Policing – FBI or private companies
• Pros: Bringing the criminals to justice
• Cons: Inefficient and ineffective – every botnet that is shut down is soon replaced by a new one
Technology – The only way to cut the flow of cash
• Black lists – When fraud is detected a site is added to a blacklist
  Pros: Reactively shuts down supply to fraudsters
  Cons: Lists are not updated frequently
• Impression level detection and prevention
  Pros: Proactively shuts down supply to fraudsters; detection at the impression level allows for scale; dynamic

How Is Fraud Detected?
First we look at behavioral patterns. We flag the following non-human signals:
• Cookies that are deleted at the end of an activity cycle
• Intense activity
• Recurring activity patterns/levels
At this point some bots are detected; others are able to go undetected.
Next we look at each impression:
• Signals that are atypical for a human
• Density of page loads
• Density of page visits
• Atypical distribution of browsers
• Browser spoofing
• Conflicting measurement results
• Whether the impression was traded in a suspicious way
Finally, we cross-validate all of the above and determine the validity of signals and patterns.
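
The signals listed on this slide, cross-validated in code. This is an added example, not Integral Ad Science's method or code; the log fields (including the hypothetical js_reported_engine measurement), the sample records and every threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed impression log (assumed schema):
# (client_ip, cookie_id, seconds_since_start, user_agent_family, js_reported_engine)
def make_sample_log():
    log = []
    # Client A: a load every 2 s, a fresh cookie every 5 loads,
    # user agent claims Chrome while the measurement script sees Gecko.
    for i in range(30):
        log.append(("198.51.100.7", f"ck{i // 5}", i * 2.0, "Chrome", "Gecko"))
    # Client B: sparse, irregular visits with one stable cookie.
    for t in (0, 41, 95, 260, 300, 710):
        log.append(("203.0.113.20", "ck-human", float(t), "Firefox", "Gecko"))
    return log

EXPECTED_ENGINE = {"Chrome": "Blink", "Firefox": "Gecko", "Safari": "WebKit"}
MAX_LOADS_PER_MIN = 10   # assumed ceiling for density of page loads
MAX_COOKIES = 3          # assumed ceiling before cookie deletion looks cyclic
MIN_INTERVAL_CV = 0.2    # assumed: lower variation means a recurring pattern

def signals_for(events):
    """Return the set of non-human signals that fire for one client."""
    times = sorted(e[2] for e in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    span_min = max((times[-1] - times[0]) / 60.0, 1.0)
    fired = set()
    if len(events) / span_min > MAX_LOADS_PER_MIN:
        fired.add("intense_activity")
    if len({e[1] for e in events}) > MAX_COOKIES:
        fired.add("cookie_churn")
    if len(gaps) >= 5 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < MIN_INTERVAL_CV:
        fired.add("recurring_pattern")
    # Claimed browser and measured engine disagree (unknown browsers also flag).
    if any(EXPECTED_ENGINE.get(e[3]) != e[4] for e in events):
        fired.add("browser_spoofing")
    return fired

def classify(log, min_signals=2):
    """Cross-validate: label a client a bot only when several signals agree."""
    by_client = defaultdict(list)
    for event in log:
        by_client[event[0]].append(event)
    result = {}
    for ip, events in by_client.items():
        fired = signals_for(events)
        result[ip] = ("bot" if len(fired) >= min_signals else "human", sorted(fired))
    return result

if __name__ == "__main__":
    print(classify(make_sample_log()))
```

Requiring at least two agreeing signals is what keeps a single noisy indicator, such as a user who clears cookies often, from producing a false positive.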
[Figure: Behavioral Pattern. Bot …or not]

So Who Is To Blame?
Innocent bystanders:
• Legitimate advertisers and publishers
Guilty:
• Botnet operators
• Those who knowingly buy/sell bot traffic

How Is The Industry Dealing With Fraud?
Passive: Pretend the problem doesn’t exist
• Knowingly or unknowingly buy and sell bot traffic
Partially address the problem:
• Use a subpar solution
• Run the technology only on part of the inventory
• Able to eliminate some of the bot traffic
Proactive: Are serious about fraud
• Use cutting edge technology to vet 100% of inventory
• Eliminate all bot traffic

The Integral Ad Science Solution: Proactively Block Fraud
Benefits:
• Proactively block fraud before the ad is served
• Dynamic data used to cross reference fraud signals
• Not relying on outdated, rarely updated black lists
• Pre-bid fraud solution prevents bidding on fraudulent inventory