Online advertisements (ads) provide a powerful mechanism for advertisers to effectively target Web users. Ads can be customized based on a user’s browsing behavior, geographic location, and personal interests. There is currently a multi-billion dollar market for online advertising, which generates the primary revenue for some of the most popular websites on the Internet. In order to meet the immense market demand, and to manage the complex relationships between advertisers and publishers (i.e., the websites hosting the ads), marketplaces known as “ad exchanges” are employed. These exchanges allow publishers (sellers of ad space) and advertisers(buyers of this ad space) to dynamically broker traffic through ad networks to efficiently maximize profits for all parties. Unfortunately, the complexities of these systems invite a considerable amount of abuse from cybercriminals, who profit at the expense of the advertisers. In this paper, we present a detailed view of how one of the largest ad exchanges operates and the associated security issues from the vantage point of a member ad network. More specifically, we analyzed a dataset containing transactions for ingress and egress ad traffic from this ad network. In addition, we examined information collected from a command-and-control server used to operate a botnet that is leveraged to perpetrate ad fraud against the same ad exchange.
@inproceedings{Stone-Gross2011Understanding_Fraudulent, title = {{Understanding Fraudulent Activities in Online Ad Exchanges}}, author = {Stone-Gross, Brett and Stevens, Ryan and Zarras, Apostolis and Kemmerer, Richard and Kruegel, Chris and Vigna, Giovanni}, booktitle = {Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference}, series = {IMC}, year = {2011}, address = {New York, NY, USA}, doi = {10.1145/2068816.2068843}, isbn = {978-1-4503-1013-0}, pages = {279--294}, publisher = {ACM}, url = {https://doi.org/10.1145/2068816.2068843} }