Dissecting Click Fraud Autonomy in the Wild

by Tong Zhu, et al.

Although the use of pay-per-click mechanisms stimulates the prosperity of the mobile advertisement network, fraudulent ad clicks result in huge financial losses for advertisers. Extensive studies identify click fraud according to click/traffic patterns based on dynamic analysis. However, in this study, we identify a novel click fraud, named the humanoid attack, which can circumvent existing detection schemes by generating fraudulent clicks with patterns similar to those of normal clicks. We implement the first tool, ClickScanner, to detect humanoid attacks on Android apps based on static analysis and a variational AutoEncoder (VAE) with limited knowledge of fraudulent examples. We define novel features to characterize the patterns of humanoid attacks at the apps' bytecode level. ClickScanner builds a data dependency graph (DDG) based on static analysis to extract these key features and form a feature vector. We then propose a classification model trained only on benign datasets to overcome the limited knowledge of humanoid attacks. We leverage ClickScanner to conduct the first large-scale measurement on app markets (i.e., 120,000 apps from Google Play and Huawei AppGallery) and reveal several unprecedented phenomena. First, even for the top-rated 20,000 apps, ClickScanner still identifies 157 apps as fraudulent, which shows the prevalence of humanoid attacks. Second, it is observed that the ad SDK-based attack (i.e., the fraudulent code is in the third-party ad SDKs) is now a dominant attack approach. Third, the manner of attack is notably different across apps of various categories and popularities. Finally, we notice there are several existing variants of the humanoid attack. Additionally, our measurements demonstrate the proposed ClickScanner is accurate and time-efficient (i.e., the detection overhead is only 15.35 existing schemes).




