ISPs and Ad Networks Against Botnet Ad Fraud Nevena Vratonjic, Mohammad Hossein Manshaei, Maxim Raya and Jean-Pierre Hubaux 1 November 2010, GameSec’10.

1 ISPs and Ad Networks Against Botnet Ad Fraud Nevena Vratonjic, Mohammad Hossein Manshaei, Maxim Raya and Jean-Pierre Hubaux 1 November 2010, GameSec’10

2 Online Ad Fraud
- Online advertising is the major source of revenue on the Web ($22.4 billion in the US in 2009)
- Exploits of the online advertising systems
  - Click fraud (DormRing1 [1])
  - On-the-fly modification of ads (Bahama [2], Gumblar [3])
- Botnet ad fraud!
- Ad fraud negatively affects the revenue of ad networks (ANs), advertisers and websites
- Economic incentive to fight botnet ad fraud
[1] Multi-million dollar Chinese click fraud ring broken, Anchor, 2009.
[2] Botnet caught red handed stealing from Google, The Register, 2009.
[3] Viral Web infection siphons ad dollars from Google, The Register, 2009.

3 ISPs Against Botnets
- ISPs are in the best position to detect and fight botnets
- Initiatives by IETF [1] and IIA [2] propose ISPs should:
  - Detect botnets
  - Remediate infected devices
- Yet, the revenue of ISPs is not (directly) affected by the botnets
- Incentive for ISPs to fight botnets?
[1] M. O’Reirdan et al., Recommendations for the Remediation of Bots in ISP Networks, IETF, September 2009.
[2] M. O’Reirdan et al., ISP Voluntary Code of Practice for Industry Self-regulation in the Area of e-security, Internet Industry Association (IIA), September 2009.

4 ISPs and Ad Networks Against Botnet Ad Fraud?
- Economic incentive for ANs to fight botnet ad fraud
  - ANs would benefit if ISPs fight botnets
- Economic incentive for ISPs to fight botnets?
  - If it is at least cost neutral, or cost positive
- Are ANs willing to subsidize ISPs to fight botnets?
- Are ANs willing to fight botnet ad fraud themselves?

5 Related Work
- Online advertising fraud
  - The best strategy for ad networks is to fight click fraud [1]
- Incentives to increase the security of the Web
  - Users’ choice: investment in security or insurance mechanisms [2]
- Our model introduces a new strategic player – the ISP
[1] B. Mungamuru et al., Should Ad Networks Bother Fighting Click Fraud? (Yes, they should.), Stanford InfoLab, Technical Report, July 2008.
[2] J. Grossklags et al., Secure or insure?: a game-theoretic analysis of information security games, WWW 2008.

6 Outline
I. Strategic behavior of ISPs and ANs
II. Threats and Countermeasures
III. Botnet Ad Fraud: A Case Study
IV. Game-theoretic Model
V. Numerical Analysis

7 System Model
[Diagram labels: User (U), ISP, Websites (WS), Ad Servers (AS), Advertisers (AV), Ad Network (AN), online advertising system; flows: placing ads, embedding ads, web page, ads; botnet: bots participating in ad fraud]

8 Role of ISPs
- Traditional role:
  - Provide Internet access to end users
  - Forward the communication in compliance with Network Neutrality Policy
- New requirements
  - Data retention legislations
  - IETF and IIA initiatives for ISPs to detect bots and remediate infected devices
    - 90% of Australian ISP subscribers are covered by this initiative
    - A similar program is ready to be launched in Germany in 2010
- How to fund the initiatives? Governments?

9 Botnets
- Botnet – a collection of software robots (bots) that run autonomously and automatically
- Bot Master: controls the bots remotely
1. Spreading the Malware: via SPAM, Web, Worms,…
2. Local Infection: Malware infects the system and hides using Rootkit techniques
3. Hidden Communication with C&C: Instructions for the attacks (e.g., DDoS, SPAM, Adware, Spyware, Ad Fraud)
[Diagram labels: Command and Control (C&C), Malware, Bot (Zombie), End Host, Covert Channel (e.g., IRC)]

10 Threat: Botnet Ad Fraud
- More and more botnets committing ad fraud [1]
- Focus on botnets where:
  - Malware causes infected devices to return altered ads
  - Users’ clicks on altered ads generate ad revenue for botnet masters instead of ANs
- Consequence: Bots divert a fraction of ad revenue from ANs
[1] Biggest, Baddest Botnets: Wanted Dead or Alive, PC World, 2009.

11 Countermeasures
ANs can protect their ad revenue by:
1. Improving security of online advertising systems
   - More difficult for an adversary to successfully exploit those systems
2. Funding ISPs to fight botnets involved in ad frauds
   - Eliminate the major cause of the revenue loss – botnets

12 Outline
I. Strategic behavior of ISPs and ANs
II. Threats and Countermeasures
III. Botnet Ad Fraud: A Case Study
IV. Game-theoretic Model
V. Numerical Analysis

13 Popularity of Websites
- Infer number of generated clicks on ads for the top 1000 most popular websites in June 2009 based on the data of page views [Compete.com]
- Distribution of clicks follows the power law
  - Q(n) – the number of clicks on ads per year at n-th ranked website
- Extrapolate Q(n) for the entire Web
- Estimated ad revenue generated by the top x websites:
  - k – revenue each click generates for the AN
  - P = $22.4 billion – total annual ad revenue

14 Securing Websites
1. Provide valid certificates for websites
2. Deploy HTTPS between users, websites and ad servers
- Cost for AN to secure N_S websites = c_S N_S
- If bots divert a fraction λ of the ad revenue P, the optimal N_S is:
- Proof: utility of the AN:
[Figure labels: secure, insecure, x]

15 ISP and AN Cooperation
- ISP:
  - Deploys a detection system (at a cost c_D)
  - Successfully detects a fraction P_D of N_B bots in the network
  - Online help desk to help subscribers remediate infected devices (at a cost c_R per device)
- AN:
  - Provides a reward R to the ISP per each remediated device
- Cooperation outcome: remediation of N_R infected devices
- Optimal N_R is:
- Proof:

16 Outline
I. Strategic behavior of ISPs and ANs
II. Threats and Countermeasures
III. Botnet Ad Fraud: A Case Study
IV. Game-theoretic Model
V. Numerical Analysis

17 Game-theoretic Model
- Behavior of the ISP:
  - Abstain (A) – forwards users’ communication
  - Cooperate (C) – detects bots and remediates N_R = P_D N_B infected devices
- Behavior of the AN:
  - Abstain (A) – does not take any countermeasure
  - Cooperate (C) – subsidizes the ISP to fight botnet ad fraud by providing a reward R per each remediated device
  - Secure (S) – secures N_S websites
  - Cooperate & Secure (C+S) – deploy both countermeasures

18 The Game
- Dynamic, single-stage game G = {P, S_A, U}
  - Set of players: P = {ISP, AN}
  - Set of actions: S_A
  - Set of utility functions: U
- Complete and perfect information
- Identify Nash Equilibrium (NE)

19 Game in the Normal Form
[Payoff matrix over the actions A, C, S and S+C; payoffs = (U_ISP, U_AN); cell contents not recoverable]
- λ – fraction of diverted ad revenue by the bots
- When playing S+C, the number of secured websites is:

20 Solving the Game
[Payoff matrix over the actions A, C, S and S+C; payoffs = (U_ISP, U_AN); cell contents not recoverable]
- If R < c_D/N_R + c_R and, NE: (A,A)
- If R < c_D/N_R + c_R and, NE: (A,S)
- If R ≥ c_D/N_R + c_R and, NE: (C,S+C)

21 Game Results
[Figure: λ axis from 0 to 1, regions labeled (Abstain,Abstain), (Abstain,Secure), (Cooperate,Secure+Cooperate)]
- If R < c_D/N_R + c_R and, NE: (A,A)
- If R < c_D/N_R + c_R and, NE: (A,S)
- If R ≥ c_D/N_R + c_R and, NE: (C,S+C)

22 Outline
I. Strategic behavior of ISPs and ANs
II. Threats and Countermeasures
III. Botnet Ad Fraud: A Case Study
IV. Game-theoretic Model
V. Numerical Analysis

23 Evaluations on a real data set
- Top 1000 most popular websites [Compete.com]
  - Extrapolated with the power law
- Parameters:
  - Fraction of ad revenue diverted by bots (λ)
  - Number of bots in the network (N_B)
- Assumptions:
  - c_S = $400 – the estimated cost of deploying an X.509 certificate and HTTPS at the web server
  - c_R = $100 – the estimated cost of remediating an infected device
  - c_D = $100k – the estimated cost of the detection system

24 Game Results, N_B = 10^4
- (Abstain,Abstain): N_S = 0 & N_R = 0
- (Abstain,Secure): N_S ≠ 0 & N_R = 0
- (Cooperate,Cooperate+Secure): N_S ≠ 0 & N_R ≠ 0
[Figure: regions (A,A), (A,S), (C,C+S) along λ; marked values: λ < 2·10^-6 for (A,A), λ = 6·10^-5]

25 Game Results contd., N_B = 10^7
- (Abstain,Abstain): N_S = 0 & N_R = 0
- (Abstain,Secure): N_S ≠ 0 & N_R = 0
- (Cooperate,Cooperate+Secure): N_S ≠ 0 & N_R ≠ 0
[Figure: regions (A,A), (A,S), (C,C+S) along λ; marked values: λ < 2·10^-6 for (A,A), λ = 0.072]

26 Effect of number of bots (N_B)
- In a system with a given P_D, when N_B is high, the AN is cooperative only when the revenue loss is very high
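
Added example, not part of the original slides: the ISP participation condition R ≥ c_D/N_R + c_R from slides 20 and 21, evaluated with the cost figures of slide 23 for both botnet sizes. The detection rate P_D = 0.5 is a constructed value, and `an_break_even_lambda` rests on a simplified assumption about the AN's gain that is not the slides' payoff function.

```python
P = 22.4e9     # total annual ad revenue in USD (slide 13)
C_D = 100_000  # cost of the detection system (slide 23)
C_R = 100      # cost of remediating one device (slide 23)


def remediated(n_bots, p_detect):
    """N_R = P_D * N_B, the devices remediated when the ISP cooperates."""
    return p_detect * n_bots


def min_reward(n_bots, p_detect):
    """Smallest per-device reward at which the ISP cooperates: c_D/N_R + c_R."""
    n_r = remediated(n_bots, p_detect)
    if n_r <= 0:
        raise ValueError("nothing remediated: the ISP can never recover c_D")
    return C_D / n_r + C_R


def isp_utility(reward, n_bots, p_detect):
    """ISP gain from cooperating versus abstaining, as implied by the
    condition R >= c_D/N_R + c_R: reward income minus detection and
    remediation costs."""
    n_r = remediated(n_bots, p_detect)
    return reward * n_r - C_D - C_R * n_r


def an_break_even_lambda(n_bots, p_detect):
    """ASSUMPTION (not from the slides): remediating a fraction P_D of the
    bots returns the same fraction of the diverted revenue lambda * P.
    The AN then gains from paying the minimum reward only when
    lambda * P * P_D >= R * N_R."""
    n_r = remediated(n_bots, p_detect)
    return min_reward(n_bots, p_detect) * n_r / (P * p_detect)


if __name__ == "__main__":
    p_d = 0.5  # constructed detection rate
    for n_b in (10**4, 10**7):
        r = min_reward(n_b, p_d)
        lam = an_break_even_lambda(n_b, p_d)
        print(f"N_B={n_b:.0e}  min R=${r:.2f}  AN break-even lambda={lam:.2e}")
```

Under this simplified assumption the break-even λ grows with N_B, which matches the direction of the effect stated on slide 26; the numbers are not the thresholds marked on slides 24 and 25.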

27 Conclusion
- Novel problem of ISPs and ANs as strategic participants in efforts to fight botnets
- Studied the behavior and interactions of the ISPs and ANs
- Applied game-theoretic model to the real data
- Cooperation between ISPs and ANs:
  - Reduces online crime in general
  - Users benefit from ISPs’ help in maintaining the security of users’ devices
  - ISPs and ANs earn more
- ANs securing websites:
  - Improved Web security
  - The most important websites secured first

