Advertising plays a vital role in supporting free websites and
smartphone apps. Click-spam, i.e., fraudulent or invalid clicks on
online ads where the user has no actual interest in the advertiser’s
site, results in advertising revenue being misappropriated by
click-spammers. While ad networks take active measures to block
click-spam today, the effectiveness of these measures is largely
unknown. Moreover, advertisers and third parties have no way of
independently estimating or defending against click-spam.
In this talk, we take the first systematic look at click-spam. We
propose the first methodology for advertisers to independently measure
click-spam rates on their ads. We also develop an automated
methodology for ad networks to proactively detect different
simultaneous click-spam attacks. We validate both methodologies using
data from major ad networks. We then conduct a large-scale measurement
study of click-spam across ten major ad networks and four types of
ads. In the process, we identify and perform in-depth analysis on
seven ongoing click-spam attacks not blocked by major ad networks at
the time of this writing. Our findings highlight the severity of the
click-spam problem, especially for mobile ads.