SLEUTH

Single-publisher attack detection using correlation hunting

Ahmed Metwally, Fatih Emekçi, Divyakant Agrawal, Amr El Abbadi

Research output: Chapter in Book/Report/Conference proceedingChapter

20 Citations (Scopus)

Abstract

Several data management challenges arise in the context of Internet advertising networks, where Internet advertisers pay Internet publishers to display advertisements on their Web sites and drive traffic to the advertisers from surfers' clicks. Although advertisers can target appropriate market segments, the model allows dishonest publishers to defraud the advertisers by simulating fake traffic to their own sites to claim more revenue. This paper addresses the case of publishers launching fraud attacks from numerous ma- chines, which is the most widespread scenario. The difficulty of uncovering these attacks is proportional to the number of machines and resources exploited by the fraudsters. In general, detecting this class of fraud entails solving a new data mining problem, which is finding correlations in multidimensional data. Since the dimen- sions have large cardinalities, the search space is huge, which has long allowed dishonest publishers to inflate their traffic, and deplete the advertisers' advertising budgets. We devise the approximate SLEUTH algorithms to solve the problem efficiently, and uncover single-publisher frauds. We demonstrate the effectiveness of SLEUTH both analytically and by reporting some of its results on the Fastclick network, where numerous fraudsters were discovered.

Original languageEnglish
Title of host publicationProceedings of the VLDB Endowment
Pages1217-1228
Number of pages12
Volume1
Edition2
Publication statusPublished - Aug 2008
Externally publishedYes

Fingerprint

Internet
Marketing
Launching
Computer networks
Information management
Data mining
Websites
Networks (circuits)

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Computer Science(all)

Cite this

Metwally, A., Emekçi, F., Agrawal, D., & Abbadi, A. E. (2008). SLEUTH: Single-publisher attack detection using correlation hunting. In Proceedings of the VLDB Endowment (2 ed., Vol. 1, pp. 1217-1228)

SLEUTH : Single-publisher attack detection using correlation hunting. / Metwally, Ahmed; Emekçi, Fatih; Agrawal, Divyakant; Abbadi, Amr El.

Proceedings of the VLDB Endowment. Vol. 1 2. ed. 2008. p. 1217-1228.

Research output: Chapter in Book/Report/Conference proceedingChapter

Metwally, A, Emekçi, F, Agrawal, D & Abbadi, AE 2008, SLEUTH: Single-publisher attack detection using correlation hunting. in Proceedings of the VLDB Endowment. 2 edn, vol. 1, pp. 1217-1228.
Metwally A, Emekçi F, Agrawal D, Abbadi AE. SLEUTH: Single-publisher attack detection using correlation hunting. In Proceedings of the VLDB Endowment. 2 ed. Vol. 1. 2008. p. 1217-1228
Metwally, Ahmed ; Emekçi, Fatih ; Agrawal, Divyakant ; Abbadi, Amr El. / SLEUTH : Single-publisher attack detection using correlation hunting. Proceedings of the VLDB Endowment. Vol. 1 2. ed. 2008. pp. 1217-1228
@inbook{b8d9e69b0f7645818cb0fa781bf865b1,
title = "SLEUTH: Single-publisher attack detection using correlation hunting",
abstract = "Several data management challenges arise in the context of Internet advertising networks, where Internet advertisers pay Internet publishers to display advertisements on their Web sites and drive traffic to the advertisers from surfers' clicks. Although advertisers can target appropriate market segments, the model allows dishonest publishers to defraud the advertisers by simulating fake traffic to their own sites to claim more revenue. This paper addresses the case of publishers launching fraud attacks from numerous ma- chines, which is the most widespread scenario. The difficulty of uncovering these attacks is proportional to the number of machines and resources exploited by the fraudsters. In general, detecting this class of fraud entails solving a new data mining problem, which is finding correlations in multidimensional data. Since the dimen- sions have large cardinalities, the search space is huge, which has long allowed dishonest publishers to inflate their traffic, and deplete the advertisers' advertising budgets. We devise the approximate SLEUTH algorithms to solve the problem efficiently, and uncover single-publisher frauds. We demonstrate the effectiveness of SLEUTH both analytically and by reporting some of its results on the Fastclick network, where numerous fraudsters were discovered.",
author = "Ahmed Metwally and Fatih Emek{\cc}i and Divyakant Agrawal and Abbadi, {Amr El}",
year = "2008",
month = "8",
language = "English",
volume = "1",
pages = "1217--1228",
booktitle = "Proceedings of the VLDB Endowment",
edition = "2",

}

TY - CHAP

T1 - SLEUTH

T2 - Single-publisher attack detection using correlation hunting

AU - Metwally, Ahmed

AU - Emekçi, Fatih

AU - Agrawal, Divyakant

AU - Abbadi, Amr El

PY - 2008/8

Y1 - 2008/8

N2 - Several data management challenges arise in the context of Internet advertising networks, where Internet advertisers pay Internet publishers to display advertisements on their Web sites and drive traffic to the advertisers from surfers' clicks. Although advertisers can target appropriate market segments, the model allows dishonest publishers to defraud the advertisers by simulating fake traffic to their own sites to claim more revenue. This paper addresses the case of publishers launching fraud attacks from numerous ma- chines, which is the most widespread scenario. The difficulty of uncovering these attacks is proportional to the number of machines and resources exploited by the fraudsters. In general, detecting this class of fraud entails solving a new data mining problem, which is finding correlations in multidimensional data. Since the dimen- sions have large cardinalities, the search space is huge, which has long allowed dishonest publishers to inflate their traffic, and deplete the advertisers' advertising budgets. We devise the approximate SLEUTH algorithms to solve the problem efficiently, and uncover single-publisher frauds. We demonstrate the effectiveness of SLEUTH both analytically and by reporting some of its results on the Fastclick network, where numerous fraudsters were discovered.

AB - Several data management challenges arise in the context of Internet advertising networks, where Internet advertisers pay Internet publishers to display advertisements on their Web sites and drive traffic to the advertisers from surfers' clicks. Although advertisers can target appropriate market segments, the model allows dishonest publishers to defraud the advertisers by simulating fake traffic to their own sites to claim more revenue. This paper addresses the case of publishers launching fraud attacks from numerous ma- chines, which is the most widespread scenario. The difficulty of uncovering these attacks is proportional to the number of machines and resources exploited by the fraudsters. In general, detecting this class of fraud entails solving a new data mining problem, which is finding correlations in multidimensional data. Since the dimen- sions have large cardinalities, the search space is huge, which has long allowed dishonest publishers to inflate their traffic, and deplete the advertisers' advertising budgets. We devise the approximate SLEUTH algorithms to solve the problem efficiently, and uncover single-publisher frauds. We demonstrate the effectiveness of SLEUTH both analytically and by reporting some of its results on the Fastclick network, where numerous fraudsters were discovered.

UR - http://www.scopus.com/inward/record.url?scp=80051546602&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80051546602&partnerID=8YFLogxK

M3 - Chapter

VL - 1

SP - 1217

EP - 1228

BT - Proceedings of the VLDB Endowment

ER -