CN104463635A - Method and device for detecting malicious advertisement clicks - Google Patents
Method and device for detecting malicious advertisement clicks Download PDFInfo
- Publication number
- CN104463635A CN104463635A CN201410806896.2A CN201410806896A CN104463635A CN 104463635 A CN104463635 A CN 104463635A CN 201410806896 A CN201410806896 A CN 201410806896A CN 104463635 A CN104463635 A CN 104463635A
- Authority
- CN
- China
- Prior art keywords
- advertisement
- information
- traffic information
- traffic
- maliciously
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method and device for detecting malicious advertisement clicks. The method includes the steps that advertisement flow information in a website server is detected by a detection device located on the side of the website server; a preset flow strategy is adopted for judging whether the current advertisement flow information in the website server is malicious advertisement click information or not; if yes, flow information, belonging to the malicious advertisement click information, in the advertisement flow information is intercepted. According to the method, the advertisement flow information in the website server is detected by the detection device located in the website server, whether the advertisement flow information is the malicious advertisement click information or not is judged through the preset flow strategy, if the advertisement flow information is malicious advertisement click information, the information belonging to the malicious advertisement click information is intercepted, billing of the malicious advertisement clicks is prevented by detecting and intercepting malicious advertisement click behaviors, benefits of an advertiser are protected, and the network advertisement putting effect is improved.
Description
Technical field
The present invention relates to Internet technical field, be specifically related to a kind of advertisement and click maliciously detection method and device.
Background technology
Along with the universal of internet and the develop rapidly of infotech, the web advertisement is just with the speed develop rapidly of beyond tradition media advertisement.In traditional media advertisement, such as television advertising, audience ratings embodies a kind of effective form of advertisement playing effect.In the web advertisement is play, except utilizing the exposure of certain advertisement to except the result of broadcast embodying this advertisement, increasing advertiser wishes to recognize that the end has how many users interested in this advertisement.General, if user is interested in this advertisement, so user can click this advertisement, thus produce network click event, in certain section of event, user, after browsing to the web advertisement in web page, clicks this advertisement, open the advertisement link page, this process is an effective network click.
Web advertisement master is after the advertisement promoted thrown in by search engine, and each Internet user can receive the web advertisement substantially, and internet search engine can be charged to advertiser according to the click behavior of user.This charging method generally uses in search engine advertisement promotion.And Internet user colony is complicated, except there is the normal behaviour of click advertisement, also have some behaviors clicked maliciously.Such as, some hacker realizes clicking maliciously by writing relative program, and some dom, such as rival clicks maliciously, the number of clicks of artificial increase advertisement, causes advertisement businessman to pay the expense of a large amount of invalid advertisement.
This clicking maliciously on the one hand can the interests of grievous injury businessman, and have injured the trust of businessman to the search engine operator of pay-per-click and this pattern; On the other hand, the distrust of advertisement businessman to search engine causes the input that they are unwilling on this advertising, directly affects the profit of search engine companies.
Therefore, how to prevent the web advertisement to be clicked maliciously preferably, reduce the expense of the web advertisement, the input effect improving the web advertisement becomes a kind of demand.
Summary of the invention
For defect of the prior art, the invention provides a kind of advertisement and click maliciously detection method and device, achieve the detection and the interception that advertisement are clicked maliciously to behavior, prevent the charging that advertisement clicks maliciously, improve the input effect of the web advertisement.
First aspect, the invention provides a kind of advertisement and clicks maliciously pick-up unit, comprising:
Detection module, for the ad traffic information in checking network site server;
Judge module, judges for adopting default traffic policy whether the ad traffic information in current site server is that advertisement clicks maliciously information;
First blocking module, the ad traffic information for judging in current site server at described judge module is advertisement when clicking maliciously information, tackles in described ad traffic information and belongs to the flow information that advertisement clicks maliciously information.
Alternatively, described ad traffic information comprises following one or more:
The information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
Alternatively, described device also comprises:
Receiver module, for detect the ad traffic information in described Website server at described detection module before, the traffic policy that reception server sends;
Traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple pick-up unit reports.
Alternatively, described device also comprises:
Negative sense probability determination module, ad traffic information for judging in current site server at judge module does not belong to after advertisement clicks maliciously information, adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is the probability that this ad traffic information belongs to that advertisement clicks maliciously information;
Second blocking module, for when described negative sense probability meets preset range, tackles ad traffic information corresponding for described negative sense probability.
Alternatively, described device also comprises:
Sending module, for clicking maliciously the ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability by belonging to advertisement in described ad traffic information.
Second aspect, present invention also offers a kind of advertisement and clicks maliciously detection method, comprising:
The pick-up unit being arranged in Website server side detects the ad traffic information of described Website server;
The traffic policy preset is adopted to judge whether the ad traffic information in current site server is that advertisement clicks maliciously information;
If so, then tackle in described ad traffic information and belong to the flow information that advertisement clicks maliciously information.
Alternatively, described ad traffic information comprises following one or more:
The information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
Alternatively, described traffic policy is the described pick-up unit traffic policy that reception server sends before detecting the ad traffic information in described Website server;
Traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple pick-up unit reports.
Alternatively, described method also comprises:
Do not belong to after advertisement clicks maliciously information in the ad traffic information adopting the traffic policy preset to judge in current site server, adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is the probability that this ad traffic information belongs to that advertisement clicks maliciously information;
If described negative sense probability meets preset range, then ad traffic information corresponding for described negative sense probability is tackled.
Alternatively, described method also comprises:
The ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability is clicked maliciously by belonging to advertisement in described ad traffic information.
As shown from the above technical solution, a kind of advertisement provided by the invention clicks maliciously detection method and device, the method is by detecting the ad traffic information in described Website server, and judge whether this ad traffic information is that advertisement clicks maliciously information by the traffic policy preset, when this ad traffic information is fallacious message, the information belonging to advertisement and click maliciously information is tackled, the method is by clicking maliciously detection and the interception of behavior to advertisement, prevent the charging that advertisement clicks maliciously, protect gray interests, improve the input effect of the web advertisement.
In instructions of the present invention, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, to disclose and to help to understand in each inventive aspect one or more to simplify the present invention, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should not explained the following intention in reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
It will be understood by those skilled in the art that adaptively to change the module in the equipment in embodiment and they are arranged and be in one or more equipment that this embodiment is different.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit is mutually exclusive part, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the equipment of a kind of browser terminal of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme, it all should be encompassed in the middle of the scope of claim of the present invention and instructions.
Accompanying drawing explanation
Fig. 1 clicks maliciously the schematic flow sheet of detection method for advertisement that one embodiment of the invention provides;
Fig. 2 clicks maliciously the schematic flow sheet of detection method for advertisement that another embodiment of the present invention provides;
Fig. 3 clicks maliciously the structural representation of pick-up unit for advertisement that one embodiment of the invention provides.
Embodiment
Below in conjunction with accompanying drawing, the embodiment of invention is further described.Following examples only for technical scheme of the present invention is clearly described, and can not limit the scope of the invention with this.
The advertisement that Fig. 1 shows the embodiment of the present invention to be provided clicks maliciously detection method, and as shown in Figure 1, this advertisement clicks maliciously detection method and specifically comprises the steps:
101, the pick-up unit being arranged in Website server detects the ad traffic information of described Website server;
Above-mentioned Website server can be performed by the pick-up unit in the server of third party software company, also can be performed by the pick-up unit thrown in gray server.
Above-mentioned ad traffic information at least comprises following one: the information of described advertisement, Internet protocol (Internet Protocol the is called for short IP) address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time etc. clicked described advertisement and stay.The present embodiment is only illustrated ad traffic information, and this ad traffic information also can comprise other information, and the present embodiment does not limit it
102, the traffic policy preset is adopted to judge whether the ad traffic information in current site server is that advertisement clicks maliciously information;
The traffic policy preset in the present embodiment was described pick-up unit before detecting the ad traffic information in described Website server can the traffic policy that sends of reception server.
Wherein, the traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple pick-up unit reports.
Above-mentioned server can be cloud server.That is the pick-up unit of all Website server sides can connect cloud server, can the real-time reception Cloud Server traffic policy downloading or upgrade in the process of the ad traffic information in real-time monitoring network site server, to ensure that the advertisement in the ad traffic information of checking network site server comparatively accurately clicks maliciously information.
It is undertaken judging by above-mentioned default traffic policy that above-mentioned advertisement clicks maliciously information.
For example, traffic policy can be: blacklist IP address
andadvertisement number of times is clicked in preset time period
andclick advertisement residence time etc.
Or traffic policy can be: blacklist IP address
andadvertisement number of times is clicked in preset time period
orclick advertisement residence time etc., the present embodiment is only illustrated traffic policy, can determine the traffic policy for this ad traffic information according to actual needs with the advertising message of reality.
103 if then tackle in ad traffic information and belong to the flow information that advertisement clicks maliciously information.
That is, the information belonging to advertisement in described ad traffic information and click maliciously information is tackled.
Certainly, if the ad traffic information adopting traffic policy to judge in current site server in above-mentioned steps 102 does not belong to advertisement when clicking maliciously information, the ad traffic information of current detection of can letting pass.
Be understandable that, after above-mentioned steps 102, when adopt the traffic policy preset judge this ad traffic information be advertisement click maliciously information time, then the information of this ad traffic information is tackled, to stop Website server this advertisement is clicked maliciously and charge.
Said method is detected the ad traffic information in Website server by the traffic policy issued according to cloud server, thus which identifies for advertisement and click maliciously information, and information is clicked maliciously to the advertisement detected carry out interception and prevent advertisement from clicking maliciously charge, the method clicks maliciously charge relative to prior art for the advertisement of charges paid and carries out identifying and filtering, accurately, efficiency is high in interception.
The advertisement that Fig. 2 shows the embodiment of the present invention to be provided clicks maliciously detection method, and as shown in Figure 2, this advertisement clicks maliciously detection method and specifically comprises the steps:
201, the pick-up unit being arranged in Website server side detects the ad traffic information of described Website server;
Above-mentioned ad traffic information at least comprises following one: the information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
For example, this advertising message comprises the message identification of this advertisement, can be known some information relevant to this advertisement such as search engine operator of the advertiser of this advertisement, the content of this advertisement, the correspondence of this advertisement by this mark.
202, the traffic policy preset is adopted to judge whether the ad traffic information in current site server is that advertisement clicks maliciously information.
Usually, the IP blacklist for this advertising message in the nearest time period can be comprised in traffic policy, or traffic policy also can comprise the average click numbers range etc. of each IP interior of nearest time period for this advertising message.
It should be noted that, above-mentioned default traffic policy is the traffic policy receiving cloud server transmission in advance; Wherein, the traffic policy in cloud server is the strategy that the advertisement reported according to multiple pick-up unit clicks maliciously Information Statistics.
It is undertaken judging by above-mentioned default traffic policy that above-mentioned advertisement clicks maliciously information.
Above-mentioned traffic policy can be formulated according to the content of above-mentioned ad traffic information, concrete, suppose to detect and resolve ad traffic information, and then mate with traffic policy according to the information of resolving, to determine whether in the scope of traffic policy, if, then determine that belonging to advertisement clicks maliciously information.The parsing of ad traffic information is exemplified below: the information A of described advertisement, the IP address B clicking described advertisement, the time point information C clicking described advertisement, the number of times D clicking described advertisement in preset time period, each time E etc. clicking described advertisement and stay;
For example, above-mentioned parsing ad traffic information can to following classification, the IP that such as above-mentioned hypothesis clicks this advertisement comprises with this advertising message incoherent IP address B1, IP address B2 etc. with this advertisement competition opponent; It is C1,9:00-18:00 time period be C2,18:00-23:00 time period be C3,23:00-7:00 time period is tetra-periods of C4 that the information clicking the time point of this advertisement can comprise the 7:00-9:00 time period; The number of times clicking described advertisement in preset time period can comprise: be not less than 3 D1, be not less than 1 D2, be not less than 10 D3, be not less than 5 minutes and click 1 D4 being not less than for 5 seconds and being less than in 5 minutes to click being not less than for 5 seconds and being less than in 5 minutes to click being less than in 5 seconds to click; Clicking time that this advertisement stays can comprise and be less than 5 seconds E1, be not less than for 5 seconds and be less than 5 minutes E2, be not less than 5 minutes E3 etc.
Classification the present embodiment of above-mentioned parsing ad traffic information, only for illustrating, does not limit it.
Such as, click the number of times of described advertisement in above-mentioned preset time period, can be understood as the number of times that the same IP clicking this advertisement clicks described advertisement in preset time period.This preset time period can by hour in units of, or by minute in units of.If by minute in units of, then this preset time period can be understood as same IP number of times clicking this advertisement etc. in 5 minutes
As shown in table 1, according to above-mentioned ad traffic information and after resolving ad traffic information, and the traffic policy for this advertisement can be set according to actual conditions in the present embodiment.
Table 1:
Above-mentioned traffic policy can set like this, to there is B2
orC4
ord1
ord2
orthe information of ad traffic information during E1 carries out tackling or abandoning; Or to there is B1
and(C1
orc2
orc3
orc4)
andd1
orthe information of ad traffic information during E1 carries out tackling or abandoning; To B1
and(C1
orc2
orc3
orc4)
andd4
orthe information of the ad traffic information of E3 does not carry out tackling or abandoning, and lets pass to it, charges to this motor to make search engine operator; To B1
and(C1
orc2
orc3
orc4)
andd2
orthe information of the ad traffic information of E2 does not carry out tackling or abandoning, and is undertaken to be detected by this ad traffic information, does not let pass to it.Above-mentioned strategy in the present embodiment, only for illustrating, does not specifically limit the concrete arrangement mode of above-mentioned traffic policy.
203 if then tackle the information belonging to advertisement in described ad traffic information and click maliciously information.
Being understandable that, when adopting the traffic policy preset to judge that the ad traffic information in current site server is that advertisement clicks maliciously information, both having met above-mentioned B2
orc4
ord1
ord2
ore1 or B1
and(C1
orc2
orc3
orc4)
andd1
orduring E1, then think that this ad traffic information is that advertisement clicks maliciously information.
In a particular application, for example, run into above-mentioned for B1
and(C1
orc2
orc3
orc4)
andd2
orduring the ad traffic information of E2, namely when different from this advertisement competition opponent IP IP clicks this advertising message, and 1 time is not less than being not less than for 5 seconds and being less than in 5 minutes to click in section sometime, and be less than 5 seconds the residence time of this click, then can think that the user of this certain IP address of ad click possibility is interested in this advertisement before click, after just looking at this advertisement, find that this advertisement is not that he wants; Another kind of situation to think that this ad click may click maliciously for advertisement, but in order to avoid interception, deliberately avoid the strategy preset.In above-mentioned two situations, can not this ad click of intuitive judgment whether be that advertisement clicks maliciously, therefore, now in order to more accurately the ad traffic information clicking maliciously informational probability larger for advertisement in ad traffic information be identified, the said method of the present embodiment also comprises following detecting step, and concrete said method also comprises the steps:
204, do not belong to after advertisement clicks maliciously information in the ad traffic information adopting the traffic policy preset to judge in current site server in step 202., then adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is belong to the probability that advertisement clicks maliciously information;
Preset algorithm in the present embodiment can for search in the Bayesian model of training in advance with the matching degree of this ad traffic information, and obtain the forward probability of the forward weighted value of this ad traffic information and the negative sense probability of negative sense weighted value.
For example, if be included in preset time period inherence to be not less than for 5 seconds and to be less than the number of times clicking this advertisement in 5 minutes and be not less than 1 time, identical with this feature in above-mentioned model have 100 information, wherein, identical with this feature and belong to that advertisement clicks maliciously information have 80, identical with this feature and belong to that non-advertisement clicks maliciously information have 20, then think that forward weighted value corresponding to this ad traffic information is 0.8, negative sense weighted value is 0.2.
Said method be applicable to the ad traffic information adopting the traffic policy preset to judge in current site server do not belong to advertisement click maliciously information time, then undertaken calculating this ad traffic information by above-mentioned preset algorithm and belong to the probability that advertisement clicks maliciously information.Therefore said method is further comprising the steps of:
205, judge whether above-mentioned negative sense probability meets preset range;
If 206 described negative sense probability meet described preset range, then the information of ad traffic information corresponding for described negative sense probability is carried out tackling or abandoning.
For example, if the preset range of negative sense probability is 0.5 ~ 0.9, then B1 is calculated
and(C1
orc2
orc3
orc4)
andd2
orthe probability of the ad traffic information of E2 is 0.8, then the information of this ad traffic information carried out tackling or abandoning.
If 207 described negative sense probability do not meet preset range, then the information of ad traffic information corresponding for described negative sense probability is let pass.
In another mode in the cards, if the preset range of negative sense probability is 0.5 ~ 0.9, then calculate B1
and(C1
orc2
orc3
orc4)
andd2
orthe negative sense probability of the ad traffic information of E2 is 0.45, then the information of ad traffic information corresponding for this negative sense probability let pass.
In order to make the traffic policy in above-mentioned steps 202 be up-to-date traffic policy, therefore said method also comprises the steps 208:
208, the ad traffic information of information is clicked maliciously and ad traffic information corresponding to described negative sense probability sends cloud server by belonging to advertisement in described ad traffic information.
In a particular application, the ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability is clicked maliciously by belonging to advertisement by pick-up unit, achieve and the traffic policy in above-mentioned cloud server is upgraded, the renewal of this strategy can be real-time also can timing, upgrade such as every day one inferior.
A kind of advertisement that Fig. 3 shows the embodiment of the present invention to be provided clicks maliciously pick-up unit, and as shown in Figure 3, this device comprises: detection module 31, judge module 32 and the first blocking module 33.
Detection module 31, for the ad traffic information in checking network site server;
Concrete, ad traffic information comprises: the information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
Judge module 32, judges for adopting default traffic policy whether the ad traffic information in current site server is that advertisement clicks maliciously information;
First blocking module 33, the ad traffic information for judging in current site server at described judge module is advertisement when clicking maliciously information, tackles in described ad traffic information and belongs to the flow information that advertisement clicks maliciously information.
Concrete, said apparatus also comprises unshowned receiver module 34 in Fig. 3.
Receiver module 34, before at described traffic policy being the ad traffic information of described detection module in the described Website server of detection, the traffic policy that reception server sends;
Traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple detection module reports.
Adopt above-mentioned traffic policy can not this ad click of intuitive judgment be whether advertisement click maliciously time, in order to the ad traffic information clicking maliciously information negative sense probability larger for advertisement in ad traffic information be identified more accurately, said apparatus also comprises not shown negative sense probability determination module 35 and the second blocking module 36;
This negative sense probability determination module 35, ad traffic information for judging in current site server at judge module does not belong to after advertisement clicks maliciously information, adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is the probability that this ad traffic information belongs to that advertisement clicks maliciously information;
Second blocking module 36, for when described negative sense probability meets preset range, tackles ad traffic information corresponding for described negative sense probability.
In order to upgrade the traffic policy in above-mentioned cloud server, said apparatus also comprises not shown sending module 37:
Sending module 37, for clicking maliciously the ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability by belonging to advertisement in described ad traffic information.
Said apparatus and said method are one to one, and the specific example of said method illustrates and is applicable to this device too, and the present invention is not described in detail to the implementation detail of said apparatus.
Claims (10)
1. advertisement clicks maliciously a pick-up unit, it is characterized in that, comprising:
Detection module, for the ad traffic information in checking network site server;
Judge module, judges for adopting default traffic policy whether the ad traffic information in current site server is that advertisement clicks maliciously information;
First blocking module, the ad traffic information for judging in current site server at described judge module is advertisement when clicking maliciously information, tackles in described ad traffic information and belongs to the flow information that advertisement clicks maliciously information.
2. device according to claim 1, is characterized in that, described ad traffic information comprises following one or more:
The information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
3. device according to claim 1, is characterized in that, described device also comprises:
Receiver module, for detect the ad traffic information in described Website server at described detection module before, the traffic policy that reception server sends;
Traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple pick-up unit reports.
4. device according to claim 1, is characterized in that, described device also comprises:
Negative sense probability determination module, ad traffic information for judging in current site server at judge module does not belong to after advertisement clicks maliciously information, adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is the probability that this ad traffic information belongs to that advertisement clicks maliciously information;
Second blocking module, for when described negative sense probability meets preset range, tackles ad traffic information corresponding for described negative sense probability.
5. device according to claim 4, is characterized in that, described device also comprises:
Sending module, for clicking maliciously the ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability by belonging to advertisement in described ad traffic information.
6. advertisement clicks maliciously a detection method, it is characterized in that, comprising:
The pick-up unit being arranged in Website server side detects the ad traffic information of described Website server;
The traffic policy preset is adopted to judge whether the ad traffic information in current site server is that advertisement clicks maliciously information;
If so, then tackle in described ad traffic information and belong to the flow information that advertisement clicks maliciously information.
7. method according to claim 6, is characterized in that, described ad traffic information comprises following one or more:
The information of described advertisement, the IP address clicking described advertisement, the time point information clicking described advertisement, the number of times clicking described advertisement in preset time period, each time clicked described advertisement and stay.
8. method according to claim 6, is characterized in that, described traffic policy is the described pick-up unit traffic policy that reception server sends before detecting the ad traffic information in described Website server;
Traffic policy in described server is that described server clicks maliciously the strategy of Information Statistics according to the advertisement that multiple pick-up unit reports.
9. method according to claim 6, is characterized in that, described method also comprises:
Do not belong to after advertisement clicks maliciously information in the ad traffic information adopting the traffic policy preset to judge in current site server, adopt preset algorithm to determine not belong to the negative sense probability that advertisement clicks maliciously the ad traffic information of information, described negative sense probability is the probability that this ad traffic information belongs to that advertisement clicks maliciously information;
If described negative sense probability meets preset range, then ad traffic information corresponding for described negative sense probability is tackled.
10. method according to claim 9, is characterized in that, described method also comprises:
The ad traffic information of information and ad traffic information sending server corresponding to described negative sense probability is clicked maliciously by belonging to advertisement in described ad traffic information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410806896.2A CN104463635A (en) | 2014-12-22 | 2014-12-22 | Method and device for detecting malicious advertisement clicks |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410806896.2A CN104463635A (en) | 2014-12-22 | 2014-12-22 | Method and device for detecting malicious advertisement clicks |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104463635A true CN104463635A (en) | 2015-03-25 |
Family
ID=52909627
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410806896.2A Pending CN104463635A (en) | 2014-12-22 | 2014-12-22 | Method and device for detecting malicious advertisement clicks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104463635A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104932966A (en) * | 2015-06-19 | 2015-09-23 | 广东欧珀移动通信有限公司 | Method and device for detecting false downloading times of application software |
| CN106341373A (en) * | 2015-07-09 | 2017-01-18 | 安恒通(北京)科技有限公司 | Method and apparatus for detecting and preventing malicious clicks on advertisement links |
| CN106656929A (en) * | 2015-10-30 | 2017-05-10 | 北京国双科技有限公司 | Information processing method and apparatus |
| CN106651458A (en) * | 2016-12-29 | 2017-05-10 | 腾讯科技(深圳)有限公司 | Advertisement anti-cheating method and device |
| CN107578263A (en) * | 2017-07-21 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of detection method, device and the electronic equipment of advertisement abnormal access |
| CN107592236A (en) * | 2016-07-07 | 2018-01-16 | 北京奇虎科技有限公司 | The monitoring method and device of a kind of related business datum of promotion message |
| CN108234413A (en) * | 2016-12-15 | 2018-06-29 | 北京奇虎科技有限公司 | The determining method, apparatus and advertising platform of ad traffic quality |
| CN108920944A (en) * | 2018-06-12 | 2018-11-30 | 腾讯科技(深圳)有限公司 | Detection method, device, computer equipment and the storage medium of auxiliary clicking event |
| CN111199415A (en) * | 2018-11-20 | 2020-05-26 | 北京京东尚科信息技术有限公司 | Model training method, device, equipment and medium for identifying effectiveness of click advertisements |
| CN111641629A (en) * | 2020-05-28 | 2020-09-08 | 腾讯科技(深圳)有限公司 | Abnormal behavior detection method, device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101657809A (en) * | 2007-04-25 | 2010-02-24 | 雅虎公司 | Be used to the system of click traffic scoring |
| CN103870572A (en) * | 2014-03-18 | 2014-06-18 | 北京博雅立方科技有限公司 | Method and device for defending malicious click on advertisement page |
-
2014
- 2014-12-22 CN CN201410806896.2A patent/CN104463635A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101657809A (en) * | 2007-04-25 | 2010-02-24 | 雅虎公司 | Be used to the system of click traffic scoring |
| CN103870572A (en) * | 2014-03-18 | 2014-06-18 | 北京博雅立方科技有限公司 | Method and device for defending malicious click on advertisement page |
Non-Patent Citations (1)
| Title |
|---|
| 龚尚福 等: ""基于用户行为分析的广告欺诈点击检测"", 《计算机应用与软件》 * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104932966B (en) * | 2015-06-19 | 2017-09-15 | 广东欧珀移动通信有限公司 | Detect that application software downloads the method and device of brush amount |
| CN104932966A (en) * | 2015-06-19 | 2015-09-23 | 广东欧珀移动通信有限公司 | Method and device for detecting false downloading times of application software |
| CN106341373A (en) * | 2015-07-09 | 2017-01-18 | 安恒通(北京)科技有限公司 | Method and apparatus for detecting and preventing malicious clicks on advertisement links |
| CN106341373B (en) * | 2015-07-09 | 2019-07-23 | 安一恒通(北京)科技有限公司 | Method and apparatus for detecting and preventing malicious clicks on advertisement links |
| CN106656929A (en) * | 2015-10-30 | 2017-05-10 | 北京国双科技有限公司 | Information processing method and apparatus |
| CN107592236A (en) * | 2016-07-07 | 2018-01-16 | 北京奇虎科技有限公司 | The monitoring method and device of a kind of related business datum of promotion message |
| CN108234413A (en) * | 2016-12-15 | 2018-06-29 | 北京奇虎科技有限公司 | The determining method, apparatus and advertising platform of ad traffic quality |
| CN106651458B (en) * | 2016-12-29 | 2020-07-07 | 腾讯科技(深圳)有限公司 | Advertisement anti-cheating method and device |
| CN106651458A (en) * | 2016-12-29 | 2017-05-10 | 腾讯科技(深圳)有限公司 | Advertisement anti-cheating method and device |
| CN107578263A (en) * | 2017-07-21 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of detection method, device and the electronic equipment of advertisement abnormal access |
| CN107578263B (en) * | 2017-07-21 | 2021-01-05 | 北京奇艺世纪科技有限公司 | Advertisement abnormal access detection method and device and electronic equipment |
| CN108920944A (en) * | 2018-06-12 | 2018-11-30 | 腾讯科技(深圳)有限公司 | Detection method, device, computer equipment and the storage medium of auxiliary clicking event |
| CN108920944B (en) * | 2018-06-12 | 2023-05-23 | 腾讯科技(深圳)有限公司 | Method and device for detecting auxiliary click event, computer equipment and storage medium |
| CN111199415A (en) * | 2018-11-20 | 2020-05-26 | 北京京东尚科信息技术有限公司 | Model training method, device, equipment and medium for identifying effectiveness of click advertisements |
| CN111199415B (en) * | 2018-11-20 | 2024-05-24 | 北京京东尚科信息技术有限公司 | Model training method, device, equipment and medium for identifying effectiveness of click advertisement |
| CN111641629A (en) * | 2020-05-28 | 2020-09-08 | 腾讯科技(深圳)有限公司 | Abnormal behavior detection method, device, equipment and storage medium |
| CN111641629B (en) * | 2020-05-28 | 2021-08-10 | 腾讯科技(深圳)有限公司 | Abnormal behavior detection method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104463635A (en) | Method and device for detecting malicious advertisement clicks | |
| CN101437030B (en) | Method for preventing server from being attacked, detection device and monitoring device | |
| Li et al. | Knowing your enemy: understanding and detecting malicious web advertising | |
| JP2008176787A (en) | Method and apparatus for monitoring invalid click | |
| Alrwais et al. | Dissecting ghost clicks: Ad fraud via misdirected human clicks | |
| Hirschey | Symbiotic relationships: Pragmatic acceptance of data scraping | |
| CN101075908B (en) | Method and system for accounting network click numbers | |
| EP2003608A1 (en) | Network devices for replacing an advertisement with another advertisement | |
| US9912766B2 (en) | System and method for identifying a link and generating a link identifier for the link on a webpage | |
| US20140019245A1 (en) | Systems and methods for protecting consumer privacy in online environments | |
| US20080306815A1 (en) | Method and system for inserting targeted data in available spaces of a webpage | |
| US20080304518A1 (en) | Network device for embedding data in a data packet sequence | |
| US20130246618A1 (en) | Systems and Methods to Emulate User Network Activity | |
| WO2008008087A2 (en) | Identifying spurious requests for information | |
| WO2015013459A1 (en) | Systems and methods for managing network resource requests | |
| US20130346202A1 (en) | Automated IPv6, IPv4 Address Classifier | |
| WO2007123760A2 (en) | Network device for monitoring and modifying network traffic between an end user and a content provider | |
| Liu et al. | On the effects of registrar-level intervention | |
| US20220012771A1 (en) | Method and system for click inspection | |
| CN110636068B (en) | Method and device for identifying unknown CDN node in CC attack protection | |
| US20080243612A1 (en) | System and method for using a browser extension to detect events related to digital advertisements | |
| CN101882278A (en) | Method and system for preventing web advertisement from being clicked maliciously | |
| Banerjee et al. | SUT: Quantifying and mitigating url typosquatting | |
| Iqbal et al. | Protecting Internet users from becoming victimized attackers of click‐fraud | |
| CN104462251A (en) | Data processing method and device for network multimedia file delivery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20161206 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: Beijing Qihu Technology Co., Ltd. Applicant before: Qizhi Software (Beijing) Co., Ltd. |
|
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150325 |
|
| RJ01 | Rejection of invention patent application after publication |