1. Field of the Invention
The invention generally relates to network traffic analysis and, in particular, to click fraud detection.
2. Description of the Related Art
Advertising is one of many ways to direct Internet traffic to a website. Advertisers or advertising sponsors typically purchase online advertising, such as sponsored links or sponsored ads, and pay for such advertising based on, for example, a block of advertising impressions, a per click basis, conversions, leads, actions, or the like. These online advertising services can be subjected to fraud.
Pay per click (PPC) advertising is an arrangement in which a publisher displays clickable links from an advertising sponsor in exchange for a charge per click. An advertising network acts as a middleman between these publishers and advertising sponsors. Typically, for each click on an advertisement (ad), the advertising sponsor pays an advertising fee to the advertising network, which in turn pays the publisher a share of this money. This revenue sharing system can be exploited for click fraud.
Relatively large advertising networks, such as Google's AdWords/AdSense and Yahoo! Search Marketing, can also be considered to be publishers (on their search engines and their various websites). This complex relationship can create a conflict of interest. For example, an advertising network would pay advertising fees to a publisher for undetected click fraud, but the advertising network would also collect advertising fees from an advertising sponsor. Typically, the advertising network charges more to the advertising sponsor than it pays out to publishers, so there is typically little incentive for the advertising network to detect fraudulent clicks.
Advertising networks can attempt to stop fraud, but determining which clicks are legitimate can be a difficult task. Advertising sponsors typically resist paying for fraudulent clicks. Publishers typically resent having to pay refunds for click fraud detected late.
Click fraud occurs in pay per click (PPC) online advertising when a person, automated script, computer program, or the like, imitates the clicks of a legitimate user of a web browser to generate an improper charge per click.
Those engaged in large scale fraud will often run scripts that simulate a human's clicks on ads in web pages. However, huge numbers of clicks appearing to come from just one computer, a small number of computers, or a single geographic area can look suspicious to an advertising network and to advertising sponsors.
Sophisticated scammers circumvent detection by clandestinely controlling relatively many computers with their own Internet connections running in disparate geographic locations. Often, scripts do not truly mimic human behavior, so scammers can turn to Trojan code or other malware to turn an unsuspecting person's machine into a zombie computer and use sporadic redirects or DNS-cache-poisoning to turn the user's actions into clicks on PPC advertisements. Such actions can generate revenue for the scammer, who may be paid by a beneficiary of click fraud.
A conventional solution typically detects click fraud only in pre-defined advertising campaigns, and advertising sponsors are alerted to multiple page loads or clickthroughs from identical Internet Protocol (IP) addresses. Present solutions can typically examine activity only on a URL by URL basis for the HTTP referer resource, which can be cumbersome when many URLs are providing referrals to the referred-to website.
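The conventional checks described above can be sketched as follows. This is an added example, not code from the original document: the click log is constructed, and the record layout, function names and alert threshold of 3 are assumptions. It shows the identical-IP alert firing on one repetitive host while clicks spread across many hosts stay below the threshold, and the URL-by-URL referer view growing by one row per referring URL.

```python
from collections import Counter

# Constructed click log (documentation-range IPs, made-up URLs and ad ids).
# Each record: (client_ip, http_referer, ad_id).
CLICKS = (
    # One host clicking the same ad repeatedly from one referring page.
    [("203.0.113.7", "http://pub-a.example/page1", "ad-1")] * 4
    # One click each from five hosts, each arriving via a different referring URL.
    + [(f"198.51.100.{i}", f"http://pub-b.example/p?id={i}", "ad-1")
       for i in range(1, 6)]
    # A single unrelated click.
    + [("192.0.2.10", "http://pub-a.example/page1", "ad-2")]
)


def repeated_ip_alerts(clicks, threshold=3):
    """Conventional check: alert on (IP, ad) pairs with >= threshold clickthroughs.

    The threshold value is an assumption made for this example.
    """
    counts = Counter((ip, ad) for ip, _ref, ad in clicks)
    return sorted(key for key, n in counts.items() if n >= threshold)


def clicks_per_referer_url(clicks):
    """URL-by-URL view: one counter entry per distinct HTTP referer URL."""
    return Counter(ref for _ip, ref, _ad in clicks)


def unflagged_clicks(clicks, threshold=3):
    """Number of clicks that the identical-IP check raises no alert for."""
    flagged = set(repeated_ip_alerts(clicks, threshold))
    return sum(1 for ip, _ref, ad in clicks if (ip, ad) not in flagged)


if __name__ == "__main__":
    print("identical-IP alerts:", repeated_ip_alerts(CLICKS))
    print("clicks with no alert:", unflagged_clicks(CLICKS))
    for url, n in sorted(clicks_per_referer_url(CLICKS).items()):
        print(f"{n:3d}  {url}")
```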