Introduction



Click-through payment programs ("pay-per-click") have become a popular branch of Internet advertising. In the simplest case, the webmaster of the site running the program, here called the target site, agrees to pay each referrer site for each user who clicks through the referrer to the target. That is, if a user views a Web page served from the referrer site, and then clicks on a hypertext link (e.g., banner ad, logo) in that page to the target site, then the target site owes the referrer site some predetermined amount of money. The target site runs a click-through payment program in order to motivate the referrer to prominently display ads for the target site on its Web pages. Often, the target site does not administer such a program itself but rather employs a third-party ad network to administer the click-through program on its behalf.

Click-through counts are also used by the Internet advertising industry at large to determine the effectiveness of a banner ad (its location, design, etc.). Often the click-through rate (i.e., the percentage of users who clicked on the banner after seeing it) is used as a metric to determine the cost of placing the banner ad on a particular Web page.

As has been recognized in the click-through payment industry, click-through payment programs are susceptible to hit inflation, where a referrer artificially inflates the click-through count for which it should be paid. Consequently, most ad networks include clauses in their service agreement that explicitly prohibit hit inflation by the referrer and mention that they have "effective software to detect such misuse".

The goal of this paper is to explore the extent to which hit inflation can be detected or prevented in click-through payment programs. The main result of this paper is negative: we present a hit inflation attack that on one hand is very difficult for the target site (or the ad network site, if present) to detect conclusively and that on the other hand can be used by the perpetrating referrer to inflate its referral count at the target site. The attack allows the referrer to transform every visit by a user on any site that is collaborating with the referrer into a click through to the target. We have tested the attack with both Netscape Navigator and Microsoft Internet Explorer browsers.

The practical implications of our attack are potentially significant. If our attack becomes commonplace, then it could accelerate a move away from pay-per-click programs and toward advertising programs where payment is offered to a referrer only if the referred user either makes a purchase at the target site (pay-per-sale) or shows some demonstrable interest (pay-per-lead). Such variations of click-through programs have already appeared on the Web, presumably motivated by the desire of target sites to pay only for "high quality" referrals. Our attack is ineffective against pay-per-sale and pay-per-lead programs. However, as we will discuss, these programs are susceptible to another form of fraud that present web infrastructure offers little ability to detect.

Aside from its potential impact, our attack employs an interesting technique. In the attack, two collaborating Web sites "team up" so that whenever a user visits one of these sites, the click-through count of the other Web site is incremented at the target. Moreover, this is invisible to the user, and the target has little ability to detect that this is not a legitimate referral, even if its webmaster suspects that the attack is happening. Rather, to convincingly detect this attack, the webmaster of the target must locate the Web page on the site that is initiating the attack (i.e., the one that the user actually visited), which should be very difficult unless the target has prior knowledge of the collaborating Web sites.

The rest of this paper is organized as follows. We introduce the hit inflation problem in more detail in Section 2. We describe our attack in Section 3, and we discuss the security of alternative advertising schemes (pay-per-sale and pay-per-lead) in Section 4.

Mike Reiter