WO2013181672A1 - Methods and systems for click-fraud detection in online advertising - Google Patents
Methods and systems for click-fraud detection in online advertising Download PDFInfo
- Publication number
- WO2013181672A1 WO2013181672A1 PCT/US2013/043951 US2013043951W WO2013181672A1 WO 2013181672 A1 WO2013181672 A1 WO 2013181672A1 US 2013043951 W US2013043951 W US 2013043951W WO 2013181672 A1 WO2013181672 A1 WO 2013181672A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- publisher
- click
- aggregated
- network service
- advertisement
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0248—Avoiding fraud
Definitions
- Various embodiments of the disclosed facility generally relate to providing services and information to an internet user.
- Online advertising is a form of promotion that uses the Internet and World Wide Web to deliver marketing messages to attract customers.
- Examples of online advertising include contextual ads on search engine results pages, banner ads, blogs, rich media Ads, social network advertising, interstitial ads, online classified advertising, advertising networks and e-mail marketing, including e-mail spam. Many of these types of ads are delivered by an ad server.
- One major benefit of online advertising is the immediate publishing of information and content that is not limited by geography or time.
- Click-through rate is a way of measuring the success of an online advertising campaign for a particular website.
- the click-through rate of an advertisement is defined as the number of clicks on an ad divided by the number of times the ad is shown (impressions), expressed as a percentage. For example, if a banner ad is delivered 100 times (100 impressions) and receives one click, then the click-through rate for the advertisement would be 1 %.
- CPM Cost Per Milie
- CPT Cost Per Thousand
- impressions may not be counted, such as a reioad or internal user action.
- CPC Cost Per Click
- PPC Payment per click
- CPC differs from CPV in that each click is paid for regardless of whether the user makes it to the target site.
- CPA Cost Per Action or Cost Per Acquisition
- PPF Payment Per Performance
- an advertiser communicates with an advertising network (or simply, an "ad network") to disseminate advertisements according to certain criteria (e.g., definition of certain number of impressions over a certain period, the demography or contextual nature of how the advertisements should be placed, etc.).
- the ad network then works with hundreds of publishers (i.e., web site operators that place content in various web sites run by them) to have advertisements placed in ad spaces allocated within web sites run by the publishers.
- Ad networks are routinely defrauded (e.g., by publishers) via "click- fraud.”
- Click fraud is a type of fraud that occurs on the internet in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link.
- click-fraud is a method of fraud by which, for example, a fraudulent publisher generates fake clicks to an API of the ad network.
- an ad network can implement a fraud detection service to detect click-frauds.
- the ad network utilizes an ad campaign to primarily detect click-frauds.
- an ad for a new car is used to primarily detect those publishers committing click- frauds instead of just marketing the new car to a potential buyer.
- the ad network tracks a user's click independent of the click tracking performed by the ad network's API. By utilizing various statistical analyses of the two user counts of each publisher with that of the other publishers that are also monitored using the fraud detection service, the fraudulent publishers can be identified.
- the ad network can flag as cheats those publishers whose two user counts vary significantly compared to the other publishers. Such a comparison allows the fraud detection service to account for expected variance between the two user counts of a given publisher due to common tracking problems associated with each of the user tracking methods.
- Figure 1 provides a brief, general description of a representative environment in which the invention can be implemented
- Figures 2A-2C depict illustrative examples of provisioning an ad- network related landing page
- Figure 3 depicts a process that illustrates an example of a fraud detection service as introduced herein;
- Figure 4 is a high-level block diagram showing an example of the architecture for a computer system.
- Advertising networks are entities that connect advertisers to web sites (also referred to as publishers) that want to host advertisements.
- An advertiser is the entity (e.g., a beverage manufacturer) that wishes to advertise their products or services. The advertiser may prefer for their advertisements to be placed in relevant market locations, or on relevant days, and in some instances, also have the advertisements served to potentially interested targets.
- ad networks serve as the intermediary between the advertisers and publishers.
- Publishers as defined herein, are, for example, operators or administrators of a web site (e.g., an online search results provider, an online news provider, etc.) that provide content beneficial to its users (i.e., the people that log in to the web site for information).
- a web site e.g., an online search results provider, an online news provider, etc.
- One manner in which such publishers gain revenue is by opening up portions of their web site (in most cases, in conjunction with the information posted for the users) to have
- the publishers make such "ad space" available to ad networks.
- the publisher may make available some context related to the information being displayed in a particular web page so as to enable the ad network to cater contextual advertisements to that particular web page.
- the ad network may sense the reader's interest and have advertisements related to tickets for the sports event catered to that particular web page.
- One of the key functions of the ad networks is aggregation of ad space supply from publishers and matching it with advertiser demand.
- the ad network routinely obtains requirements from an advertiser. This may include contenxtuality requirements, a specification of the number of impressions to be placed for an advertisement over a given period of time, and other such requirements, in return, the ad network causes the advertisements to be placed with publishers that are subscribed with the ad network.
- the ad network further collects, for example, statistical information from the publisher for reporting to the advertiser.
- the ad network may collect, from the publisher, information on click through rates (i.e., an indication of a number of successful clicks of the advertisement) and then compute commensurate compensation for the publisher for allowing the advertisement to be published in their ad space, it is understood that any type of advertisement compensation metric, as understood by a person of ordinary skill in the art, are contemplated in this disclosure.
- the ad network uses an application programming interface (API) to communicate with, for example, the publisher or the advertiser.
- API application programming interface
- the ad network exposes its API to a publisher, allowing the publisher to communicate ⁇ e.g., using API calls or other communication functionalities as understood by a person of ordinary skill in the art) information to the ad network or to receive advertising information from the ad network for placement of advertisements in their ad spaces.
- ad networks may expose their APIs to advertisers to receive information on advertising specs or receive content related to the
- ad networks directly expose the API to receive information on clicks or other events experienced in the publisher's ad space to make its own determination of statistics.
- ad networks are routinely defrauded (e.g., by publishers) via "click-fraud.”
- Click fraud is a type of fraud that occurs on the internet in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link.
- click-fraud is a method of fraud by which a fraudulent publisher generates fake clicks to an APi of the ad network.
- the APi is a software module utilized by the ad network to serve (i.e. provide) advertisements in the publishers' website and to track various metrics for each of the served advertisements (e.g. number of impressions for a given ad, number for clicks for the given ad, etc.).
- the ad network's API module maintains a separate record for each publisher to track the advertisements served to each publisher's website and the various metrics recorded for each of the served advertisements.
- the ad network's API module receives input values, such as the IP address of the user the ad was served to, the URL of the publisher website's the ad was served from, etc., to calculate the various metrics.
- the input values received by the ad network's API module are generally provided by the computing device (e.g. mobile phone, desktop computer) of the user the advertisement was served to and from other sources, such as visitor-related logs (i.e. logs that track user activities on a publisher's website) from the publisher's website.
- a fake click can be easily generated to an ad network's API by submitting fake, generated input values such as a user's IP address, user- agent, click URL, and any other input values required by the ad network's API.
- the ad networks currently rely on server-side pattern analysis, whereby the ad networks analyze click logs to detect outliers and other abnormalities within various cross-sections of the data. For example, an ad network may notice abnormalities in CTRs (click-through-rates) in various countries (e.g. abnormally high CTRs from India and China compared to U.S. and Canada for a publisher's website) within a fraudulent publisher's data.
- This method of click detection is costly since it requires teams of specialized analysts, and in most cases it doesn't detect much of the click-fraud.
- an ad network can implement a fraud detection service to detect click-frauds.
- the ad network utilizes an ad campaign to primarily detect click-frauds.
- an ad for a new car is used to primarily detect those publishers committing click- frauds instead of just marketing the new car to a potential buyer.
- the ad network tracks a user's click independent of the click tracking performed by the ad network's API. By utilizing various statistical analyses of the two user counts of each publisher with that of the other publishers that are also monitored using the fraud detection service, the fraudulent publishers can be identified.
- the ad network can flag as cheats those publishers whose two user counts vary significantly compared to the other publishers. Such a comparison allows the fraud detection service to account for expected variance between the two user counts of a given publisher due to common tracking problems associated with each of the user tracking methods.
- Figure 1 and the following discussion provide a brief, general description of a representative environment in which the techniques described herein can be implemented. Although not required, aspects of the invention may be described below in the general context of computer-executable instructions, such as routines executed by a general-purpose data processing device (e.g., a server computer or a personal computer).
- a general-purpose data processing device e.g., a server computer or a personal computer.
- LAN Local Area Network
- Wide Area Network Wide Area Network
- program modules may be located in both local and remote memory storage devices.
- aspects of the invention may be stored or distributed on tangible computer-readable media, including magnetically or optically readable computer discs, hard-wired or preprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnology memory, biological memory, or other data storage media.
- tangible computer-readable media including magnetically or optically readable computer discs, hard-wired or preprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnology memory, biological memory, or other data storage media.
- computer implemented instructions, data structures, screen displays, and other data related to the invention may be distributed over the Internet or over other networks (including wireless networks), on a propagated signal on a
- the data may be provided on any analog or digital network (packet switched, circuit switched, or other scheme).
- a user may use a personal computing device (e.g., a phone 102, a persona! computer 104, etc.) to communicate with a network (e.g., to receive a web page provided by a publisher and view any advertisements on the displayed web page).
- a personal computing device e.g., a phone 102, a persona! computer 104, etc.
- a network e.g., to receive a web page provided by a publisher and view any advertisements on the displayed web page.
- the term "phone,” as used herein, may be a personal digital assistant (PDA), a portable email device (e.g., a Blackberry®), a portable media player (e.g., an IPod Touch®), or any other device having communication capability to connect to the network.
- PDA personal digital assistant
- portable email device e.g., a Blackberry®
- portable media player e.g., an IPod Touch®
- the phone 102 connects using one or more cellular transceivers or base station antennas 106 (in cellular implementations), access points, terminal adapters, routers or modems 108 (in iP- based telecommunications implementations), or combinations of the foregoing (in converged network embodiments).
- the network 1 10 is the Internet, allowing the phone 102 (with, for example, WiFi capability) or the personal computer 104 to access web content offered through various web servers.
- the network 1 10 may be any type of cellular, IP-based or converged
- GSM Global System for Mobile Communications
- TDMA Time Division Multiple Access
- CDMA Code Division Multiple Access
- OFDM Orthogonal Frequency Division Multiple Access
- GPRS General Packet Radio Service
- EDGE Enhanced Data GSM Environment
- AMPS Advanced Mobile Phone System
- WiMAX Worldwide Interoperability for Microwave Access
- UMTS Universal Mobile Telecommunications System
- EVDO Evolution- Data Optimized
- LTE Long Term Evolution
- UMB Ultra Mobile Broadband
- VoIP Voice over Internet Protocol
- UMA Unlicensed Mobile Access
- a user uses one of the personal computing devices (e.g., the phone 102, the personal computer 104, etc.) to connect to a desired web site.
- the web site may be hosted by a web server 120.
- a web server or an operator of such a web server, functions as a publisher of the advertisements by virtue of receiving advertisements from an ad network and serving the
- the web server 120 may also introduce ad spaces within the web site displayed to the user and may further communicate with an ad network platform server (or simply, a "platform server") 1 14 to communicate and receive advertisements to be placed in the ad spaces.
- the platform server may expose APIs that may be used by the web server to cause the advertisement to be placed in the displayed web site.
- the platform server 1 14 may communicate, in one example, with the web server through the network 1 10.
- the platform server 1 14 comprises a server computer 1 16 coupled to a local database 1 18.
- platform server refers to an individual or multiple server stations or other computing apparatus. As shown in Figure 1 , in some embodiments, the personal computing devices and the web server 1 14 are also connected through the network 1 10 (e.g., the internet). In some instances, the platform server 1 14 may communicate with an advertiser network 132 to receive advertisements and provide statistics related to the advertisements placed in conjunction with various publishers. The advertising network may be operated by or on behalf of the advertisers and may serve as the repository for all the information to be handled by the ad network. In some instances, the platform server 1 14 communicates with the advertiser network 132 via network 1 10 (using, e.g., API calls exposed either by the advertiser network 132 or the platform server 1 14).
- the platform server offers an ad network fraud detection service (simply, the "fraud detection service”) that is further discussed in detail throughout this description.
- ad network fraud detection service implies, the "fraud detection service”
- the user is directed to an advertisement landing page in his terminal that has more details about the advertisement.
- the advertisement landing page may be a location directly serviced by, for example, the advertiser network 132, allowing the user to be directly connected to the advertiser.
- the web server 120 communicates via the API to the platform server 1 14 (i.e., the ad network) to expose information about, for example, the click event, the IP address of the entity (i.e., the user terminal 104) that placed the click, etc.
- the publisher is typically compensated according to this information exposed to the ad network.
- the publisher in some instances, may be a click fraud aggressor, causing fraudulent and illegitimate click events to be fed to the ad network.
- the fraud detection service introduced herein adds further functionality to the advertisement provision process detailed immediately above to avoid such fraud instances.
- the ad network causes an additional landing page to be initiated.
- This additional landing page is a landing page controlled by and associated by the platform server 1 14 (i.e., the ad network).
- the platform server registers that "Ianding" as a click event associated with the click. Since the Ianding page is directly controlled by the ad network, the platform server can further record instances related to the IP address of the user 104 and other such information using mechanisms known to a person of ordinary skill in the art.
- the ad network Ianding page 220A is the first Ianding page of the link.
- This first Ianding page 220A may be a dummy page indicating, for example, a quick note that the user is being directed to the advertiser Ianding page 230A (i.e., the desired page), and then quickly change display to the advertiser Ianding page 230A. This way, the ad network ianding page is registered, but is quickly taken away from the user's view.
- FIG. 2B when the user clicks on the ad link 210B, two ianding pages may be caused to be opened as a result of the click.
- This other Ianding page 220B may, for example, close automaticaily before even being noticed by the user, or may otherwise be heid innocuous (e.g., display dummy information related even to the reievant advertiser, display a blank page, etc.).
- the ad network Ianding page 220C may be buiit in within the advertisement Ianding page 230C in a manner that is not obtrusive to the user.
- any other examples of offering a landing page as may be contemplated by a person of ordinary skill in the art, are also considered to be contemplated as part of this disclosure.
- Figure 3 now presents a flow diagram that depicts an illustrative associated with the techniques discussed herein. The process starts at step 310. Step 310 depicts a sub-process that happens in conjunction with the ad network whenever a user clicks on an ad shown on a publisher's website.
- the ads served through the ad network are configured within the fraud detection service. That is, when a user clicks on an ad, the system is configured to cause the ad to initiate a landing page associated with the ad network in addition to a regular landing page associated with the advertiser of the particular ad.
- Step 310 depicts the sub-process that happens every time an ad click is received.
- the sub-process starts at step 31 OA where a user clicks an ad.
- the click may directly or indirectly be reported by the publisher through, for example, an API between the publisher and the ad network.
- the user is directed to or is subject to a special landing page that is directly associated with the ad network.
- the ad network landing page may be determined at run time by the ad network and fed through the publisher (e.g., using the API connection).
- the content and location of the ad network landing page may be pre-configured in association with the ad and may be initiated without direct intervention by the ad network.
- Other examples of run-time or non-run-time provisioning of the ad network landing page information are also considered contemplated by the disclosure herein.
- the sub-process 310 may also include a step 310C that allows the publisher to report an IP address or other such information about the click event to the ad network. It is understood that in some instances, the IP information and other click event information may be aggregated over time before being fed into the ad network system or may be done ad hoc as and when a click event happens.
- the ad network receives, based on the landing page (that is controlled by the ad network) information pertinent to the landing. For example, the connecting user's IP address, time information, etc. may be logged as discussed above. This information, in one example, may be
- step 330 For example, as a statistical analysis comparing the informaiion submitted by the publisher (e.g., through the ciick events) and information gathered by the ad network from the landing page information.
- the fraud detection service analyzes the results of the statistical analysis to determine whether there is disparity between the reported ciick events and the landing-page aggregated information.
- a substantial disparity within one publisher's click event reporting may by itself result in a conclusion that the publisher's reporting was fraudulent.
- the fraud detection service may compare the disparity in a particular publisher's report-out and compare that disparity against disparities computed for other publishers.
- the process identifies at step 350 that the publisher is fraudulent and initiates corresponding actions.
- Figure 4 is a high-level block diagram showing an example of the architecture for a computer system 600 that can be utilized to implement a platform server (e.g., 1 14 from Fig. 1 ), a web server (e.g., 125 from Fig. 1 ), etc.
- the computer system 600 includes one or more processors 605 and memory 610 connected via an interconnect 625.
- the interconnect 625 is an abstraction that represents any one or more separate physical buses, point to point connections, or both connected by appropriate bridges, adapters, or controllers.
- the interconnect 625 may include, for example, a system bus, a Peripheral Component Interconnect (PCI) bus, a HyperTransport or industry standard architecture (ISA) bus, a small computer system interface (SCSI) bus, a universal serial bus (USB), IIC (I2C) bus, or an Institute of Electrical and Electronics Engineers (IEEE) standard 694 bus, sometimes referred to as "Firewire”.
- PCI Peripheral Component Interconnect
- ISA HyperTransport or industry standard architecture
- SCSI small computer system interface
- USB universal serial bus
- I2C IIC
- IEEE Institute of Electrical and Electronics Engineers
- the processor(s) 605 may include central processing units (CPUs) to control the overall operation of, for example, the host computer, in certain embodiments, the processor(s) 605 accomplish this by executing software or firmware stored in memory 610.
- the processor(s) 605 may be, or may include, one or more programmable general-purpose or special-purpose microprocessors, digital signal processors (DSPs), programmable controllers, application specific integrated circuits (ASICs), programmable logic devices (PLDs), or the like, or a combination of such devices.
- DSPs digital signal processors
- ASICs application specific integrated circuits
- PLDs programmable logic devices
- the memory 610 is or includes the main memory of the computer system 1 100.
- the memory 610 represents any form of random access memory
- RAM random access memory
- ROM read-only memory
- flash memory any type of non-transitory memory
- the memory 610 may contain, among other things, a set of machine instructions which, when executed by processor 605, causes the processor 605 to perform operations to implement embodiments of the present invention.
- the network adapter 615 provides the computer system 600 with the ability to communicate with remote devices, such as the storage clients, and/or other storage servers, and may be, for example, an Ethernet adapter or Fiber Channel adapter.
- a software module is implemented with a computer program product comprising a computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all of the steps, operations, or processes described.
- Embodiments of the invention may also relate to an apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, and/or it may comprise a general-purpose computing device selectively activated or reconfigured by a computer program stored in the computer.
- Such a computer program may be stored in a non-transitory, tangible computer readable storage medium, or any type of media suitable for storing electronic instructions, which may be coupled to a computer system bus.
- any computing systems referred to in the specification may include a single processor or may be architectures empioying multiple processor designs for increased computing capability.
- Embodiments of the invention may also relate to a product that is produced by a computing process described herein.
- a product may comprise information resulting from a computing process, where the information is stored on a non-transitory, tangible computer readable storage medium and may include any embodiment of a computer program product or other data combination described herein.
Landscapes
- Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Finance (AREA)
- Economics (AREA)
- Game Theory and Decision Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Marketing (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Transfer Between Computers (AREA)
Abstract
An ad network includes a fraud detection service to detect click-frauds. The ad network utilizes an ad campaign to primarily detect click-frauds. Using the fraud detection service, the ad network tracks a user's click independent of the click tracking performed by the ad network's API. In one embodiment, the ad network causes a click by a user on the advertisement to cause a landing page to be generated. This landing page is operated by the ad network and allows the ad network to register logistics related to the landing that results from the user's click. This information related to the landing cannot be altered by the publisher. By utilizing various statistical analyses of the two user counts of each publisher with that of the other publishers that are also monitored using the fraud detection service, the fraudulent publishers can be identified.
Description
METHODS AND SYSTEMS FOR CLICK-FRAUD DETECTION IN ONLINE
ADVERTISING
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application claims priority to U.S. Patent Application No.
13/827,783 filed March 14, 2013 which is a continuation-in part to U.S. Patent Application No. 13/623,844 filed September 20, 2012, which claims priority to U.S. Provisional Application Nos. 61/654,703, filed June 1 , 2012, 61/654,802 filed June 1 , 2012, 61 /672,939, filed July 18, 2012, and 61 /698,449, filed September 7, 2012. This application also claims priority to U.S. Provisional Patent Application Nos.
61/713,421 filed October 12, 2012 and 61/760,952 filed February 5, 2013. The preceding are hereby incorporated by reference in their entireties.
FIELD
[0002] Various embodiments of the disclosed facility generally relate to providing services and information to an internet user.
BACKGROUND
[0003] Online advertising is a form of promotion that uses the Internet and World Wide Web to deliver marketing messages to attract customers. Examples of online advertising include contextual ads on search engine results pages, banner ads, blogs, rich media Ads, social network advertising, interstitial ads, online classified advertising, advertising networks and e-mail marketing, including e-mail spam. Many of these types of ads are delivered by an ad server. One major benefit of online advertising is the immediate publishing of information and content that is not limited by geography or time.
[0004] Click-through rate (CTR) is a way of measuring the success of an online advertising campaign for a particular website. The click-through rate of an advertisement is defined as the number of clicks on an ad divided by the number of times the ad is shown (impressions), expressed as a percentage. For example, if a banner ad is delivered 100 times (100 impressions) and receives one click, then the click-through rate for the advertisement would be 1 %.
[0005] The three most common ways in which online advertising is purchased are CPM, CPC, and CPA. CPM (Cost Per Milie) or CPT (Cost Per Thousand
Impressions) is when advertisers pay for exposure of their message to a specific audience. "Per mille" means per thousand impressions, or loads of an
advertisement. However, some impressions may not be counted, such as a reioad or internal user action.
[0006] CPC (Cost Per Click) or PPC (Pay per click) is when advertisers pay each time a user clicks on their listing and is redirected to their website. They do not actualiy pay for the listing, but only when the listing is clicked on. This system aliows advertising specialists to refine searches and gain information about their market. Under the Pay per click pricing system, advertisers pay for the right to be listed under a series of target rich words that direct relevant traffic to their website, and pay only when someone clicks on their listing which links directly to their website.
[0007] CPC differs from CPV in that each click is paid for regardless of whether the user makes it to the target site. CPA (Cost Per Action or Cost Per Acquisition) or PPF (Pay Per Performance) advertising is performance based and is common in the affiliate marketing sector of the business. In this payment scheme, the publisher takes all the risk of running the ad, and the advertiser pays only for the number of users who complete a transaction, such as a purchase or sign-up.
[0008] In a typical online advertising setup, an advertiser communicates with an advertising network (or simply, an "ad network") to disseminate advertisements according to certain criteria (e.g., definition of certain number of impressions over a certain period, the demography or contextual nature of how the advertisements should be placed, etc.). The ad network then works with hundreds of publishers (i.e., web site operators that place content in various web sites run by them) to have advertisements placed in ad spaces allocated within web sites run by the publishers.
[0009] Ad networks are routinely defrauded (e.g., by publishers) via "click- fraud." Click fraud is a type of fraud that occurs on the internet in pay per click online
advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. As it applies to an ad-network, click-fraud is a method of fraud by which, for example, a fraudulent publisher generates fake clicks to an API of the ad network.
SUMMARY
[0010] In one embodiment of the invention, an ad network can implement a fraud detection service to detect click-frauds. As part of the fraud detection service, the ad network utilizes an ad campaign to primarily detect click-frauds. For example, an ad for a new car is used to primarily detect those publishers committing click- frauds instead of just marketing the new car to a potential buyer. Using the fraud detection service, the ad network tracks a user's click independent of the click tracking performed by the ad network's API. By utilizing various statistical analyses of the two user counts of each publisher with that of the other publishers that are also monitored using the fraud detection service, the fraudulent publishers can be identified. In one embodiment, by comparing the two user counts of each publisher with that of the other publishers, the ad network can flag as cheats those publishers whose two user counts vary significantly compared to the other publishers. Such a comparison allows the fraud detection service to account for expected variance between the two user counts of a given publisher due to common tracking problems associated with each of the user tracking methods.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] These and other objects, features and characteristics of the present invention will become more apparent to those skilled in the art from a study of the foliowing detailed description in conjunction with the appended claims and drawings, all of which form a part of this specification. In the drawings:
[0012] Figure 1 provides a brief, general description of a representative environment in which the invention can be implemented;
[0013] Figures 2A-2C depict illustrative examples of provisioning an ad- network related landing page;
[0014] Figure 3 depicts a process that illustrates an example of a fraud detection service as introduced herein;
[0015] Figure 4 is a high-level block diagram showing an example of the architecture for a computer system.
[0016] The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed invention.
DETAILED DESCRIPTION
Overview
[0017] Advertising networks (or simply, "ad networks") are entities that connect advertisers to web sites (also referred to as publishers) that want to host advertisements. An advertiser is the entity (e.g., a beverage manufacturer) that wishes to advertise their products or services. The advertiser may prefer for their advertisements to be placed in relevant market locations, or on relevant days, and in some instances, also have the advertisements served to potentially interested targets. In the world of online computing, ad networks serve as the intermediary between the advertisers and publishers. Publishers, as defined herein, are, for example, operators or administrators of a web site (e.g., an online search results provider, an online news provider, etc.) that provide content beneficial to its users (i.e., the people that log in to the web site for information). One manner in which such publishers gain revenue is by opening up portions of their web site (in most cases, in conjunction with the information posted for the users) to have
advertisements displayed.
[0018] The publishers make such "ad space" available to ad networks. In some instances, the publisher may make available some context related to the information being displayed in a particular web page so as to enable the ad network to cater contextual advertisements to that particular web page. For example, in an online news article about the results of a sports event, the ad network may sense the reader's interest and have advertisements related to tickets for the sports event catered to that particular web page.
[0019] One of the key functions of the ad networks is aggregation of ad space supply from publishers and matching it with advertiser demand. As an intermediary between the advertiser and the publisher, the ad network routinely obtains requirements from an advertiser. This may include contenxtuality requirements, a
specification of the number of impressions to be placed for an advertisement over a given period of time, and other such requirements, in return, the ad network causes the advertisements to be placed with publishers that are subscribed with the ad network. The ad network further collects, for example, statistical information from the publisher for reporting to the advertiser. For example, the ad network may collect, from the publisher, information on click through rates (i.e., an indication of a number of successful clicks of the advertisement) and then compute commensurate compensation for the publisher for allowing the advertisement to be published in their ad space, it is understood that any type of advertisement compensation metric, as understood by a person of ordinary skill in the art, are contemplated in this disclosure.
[0020] in most instances, the ad network uses an application programming interface (API) to communicate with, for example, the publisher or the advertiser. For example, the ad network exposes its API to a publisher, allowing the publisher to communicate {e.g., using API calls or other communication functionalities as understood by a person of ordinary skill in the art) information to the ad network or to receive advertising information from the ad network for placement of advertisements in their ad spaces. Similarly, ad networks may expose their APIs to advertisers to receive information on advertising specs or receive content related to the
advertisements, in some instances, the ad networks directly expose the API to receive information on clicks or other events experienced in the publisher's ad space to make its own determination of statistics. [0021] As introduced briefly above, ad networks are routinely defrauded (e.g., by publishers) via "click-fraud." Click fraud is a type of fraud that occurs on the internet in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. As it applies to an ad-network, click-fraud is a method of fraud by which a fraudulent publisher generates fake clicks to an APi of the ad network. As explained above, the APi, for example, is a software module utilized by the ad network to serve (i.e. provide) advertisements in the publishers' website and to track
various metrics for each of the served advertisements (e.g. number of impressions for a given ad, number for clicks for the given ad, etc.).
[0022] The ad network's API module maintains a separate record for each publisher to track the advertisements served to each publisher's website and the various metrics recorded for each of the served advertisements. When calculating the various metrics, the ad network's API module receives input values, such as the IP address of the user the ad was served to, the URL of the publisher website's the ad was served from, etc., to calculate the various metrics. The input values received by the ad network's API module are generally provided by the computing device (e.g. mobile phone, desktop computer) of the user the advertisement was served to and from other sources, such as visitor-related logs (i.e. logs that track user activities on a publisher's website) from the publisher's website. [0023] To generate more revenue, fraudulent publishers generate fake clicks to an API of the ad network. A fake click can be easily generated to an ad network's API by submitting fake, generated input values such as a user's IP address, user- agent, click URL, and any other input values required by the ad network's API. To detect click-frauds, the ad networks currently rely on server-side pattern analysis, whereby the ad networks analyze click logs to detect outliers and other abnormalities within various cross-sections of the data. For example, an ad network may notice abnormalities in CTRs (click-through-rates) in various countries (e.g. abnormally high CTRs from India and China compared to U.S. and Canada for a publisher's website) within a fraudulent publisher's data. This method of click detection is costly since it requires teams of specialized analysts, and in most cases it doesn't detect much of the click-fraud.
[0024] in one embodiment of the invention, an ad network can implement a fraud detection service to detect click-frauds. As part of the fraud detection service, the ad network utilizes an ad campaign to primarily detect click-frauds. For example, an ad for a new car is used to primarily detect those publishers committing click- frauds instead of just marketing the new car to a potential buyer. Using the fraud detection service, the ad network tracks a user's click independent of the click tracking performed by the ad network's API. By utilizing various statistical analyses
of the two user counts of each publisher with that of the other publishers that are also monitored using the fraud detection service, the fraudulent publishers can be identified. In one embodiment, by comparing the two user counts of each publisher with that of the other publishers, the ad network can flag as cheats those publishers whose two user counts vary significantly compared to the other publishers. Such a comparison allows the fraud detection service to account for expected variance between the two user counts of a given publisher due to common tracking problems associated with each of the user tracking methods. Illustrative Environment and associated Description of Customized Resolution Functionalities
[0025] Various examples of the techniques introduced above will now be described in further detail. The following description provides specific details for a thorough understanding and enabling description of these examples. One skilled in the relevant art will understand, however, that the techniques discussed herein may be practiced without many of these details. Likewise, one skilled in the relevant art will also understand that the techniques can include many other obvious features not described in detail herein. Additionally, some well-known structures or functions may not be shown or described in detail below, so as to avoid unnecessarily obscuring the relevant description.
[0026] The terminology used below is to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific examples of the invention, indeed, certain terms may even be emphasized below; however, any terminology intended to be interpreted in any restricted manner will be overtly and specifically defined as such in this section.
[0027] Figure 1 and the following discussion provide a brief, general description of a representative environment in which the techniques described herein can be implemented. Although not required, aspects of the invention may be described below in the general context of computer-executable instructions, such as routines executed by a general-purpose data processing device (e.g., a server computer or a personal computer). Those skilled in the relevant art will appreciate that the invention can be practiced with other communications, data processing, or
computer system configurations, including: wireless devices, Internet appliances, hand-held devices (including personal digital assistants (PDAs)), wearable computers, all manner of cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers, and the like. Indeed, the terms "computer," "server," and the like are used interchangeably herein, and may refer to any of the above devices and systems.
[0028] While aspects of the invention, such as certain functions, are described as being performed exclusively on a single device, the invention can also be practiced in distributed environments where functions or modules are shared among disparate processing devices. The disparate processing devices are linked through a communications network, such as a Local Area Network (LAN), Wide Area
Network (WAN), or the Internet. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
[0029] Aspects of the invention may be stored or distributed on tangible computer-readable media, including magnetically or optically readable computer discs, hard-wired or preprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnology memory, biological memory, or other data storage media.
Alternatively, computer implemented instructions, data structures, screen displays, and other data related to the invention may be distributed over the Internet or over other networks (including wireless networks), on a propagated signal on a
propagation medium (e.g., an electromagnetic wave(s), a sound wave, etc.) over a period of time. In some implementations, the data may be provided on any analog or digital network (packet switched, circuit switched, or other scheme).
[0030] As shown in Figure 1 , a user may use a personal computing device (e.g., a phone 102, a persona! computer 104, etc.) to communicate with a network (e.g., to receive a web page provided by a publisher and view any advertisements on the displayed web page). The term "phone," as used herein, may be a personal digital assistant (PDA), a portable email device (e.g., a Blackberry®), a portable media player (e.g., an IPod Touch®), or any other device having communication capability to connect to the network. In one example, the phone 102 connects using
one or more cellular transceivers or base station antennas 106 (in cellular implementations), access points, terminal adapters, routers or modems 108 (in iP- based telecommunications implementations), or combinations of the foregoing (in converged network embodiments).
[0031] in some instances, the network 1 10 is the Internet, allowing the phone 102 (with, for example, WiFi capability) or the personal computer 104 to access web content offered through various web servers. In some instances, especially where the phone 102 is used to access web content through the network 1 10 (e.g., when a 3G or an LTE service of the phone 102 is used to connect to the network 1 10), the network 1 10 may be any type of cellular, IP-based or converged
telecommunications network, including but not limited to Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), Worldwide Interoperability for Microwave Access (WiMAX), Universal Mobile Telecommunications System (UMTS), Evolution- Data Optimized (EVDO), Long Term Evolution (LTE), Ultra Mobile Broadband (UMB), Voice over Internet Protocol (VoIP), Unlicensed Mobile Access (UMA), etc.
[0032] in some instances, a user uses one of the personal computing devices (e.g., the phone 102, the personal computer 104, etc.) to connect to a desired web site. In some instances, as shown in this illustrative environment, the web site may be hosted by a web server 120. In the context of this description, such a web server, or an operator of such a web server, functions as a publisher of the advertisements by virtue of receiving advertisements from an ad network and serving the
advertisements within ad spaces of web pages served to users. The web server 120 may also introduce ad spaces within the web site displayed to the user and may further communicate with an ad network platform server (or simply, a "platform server") 1 14 to communicate and receive advertisements to be placed in the ad spaces. As discussed above, the platform server may expose APIs that may be used by the web server to cause the advertisement to be placed in the displayed web site.
[0033] The platform server 1 14 may communicate, in one example, with the web server through the network 1 10. In one embodiment, the platform server 1 14 comprises a server computer 1 16 coupled to a local database 1 18. The term
"platform server" as indicated herein, refers to an individual or multiple server stations or other computing apparatus. As shown in Figure 1 , in some embodiments, the personal computing devices and the web server 1 14 are also connected through the network 1 10 (e.g., the internet). In some instances, the platform server 1 14 may communicate with an advertiser network 132 to receive advertisements and provide statistics related to the advertisements placed in conjunction with various publishers. The advertising network may be operated by or on behalf of the advertisers and may serve as the repository for all the information to be handled by the ad network. In some instances, the platform server 1 14 communicates with the advertiser network 132 via network 1 10 (using, e.g., API calls exposed either by the advertiser network 132 or the platform server 1 14).
[0034] in one embodiment, the platform server offers an ad network fraud detection service (simply, the "fraud detection service") that is further discussed in detail throughout this description. In normal situations, as discussed above, when a user at 104 clicks on a particular advertisement served by the web server 120, the user is directed to an advertisement landing page in his terminal that has more details about the advertisement. The advertisement landing page may be a location directly serviced by, for example, the advertiser network 132, allowing the user to be directly connected to the advertiser. In return, the web server 120 (i.e., the publisher) communicates via the API to the platform server 1 14 (i.e., the ad network) to expose information about, for example, the click event, the IP address of the entity (i.e., the user terminal 104) that placed the click, etc. The publisher is typically compensated according to this information exposed to the ad network.
[0035] The publisher, in some instances, may be a click fraud aggressor, causing fraudulent and illegitimate click events to be fed to the ad network.
However, the fraud detection service introduced herein adds further functionality to the advertisement provision process detailed immediately above to avoid such fraud instances. When a user 104 clicks on a particular advertisement, the ad network causes an additional landing page to be initiated. This additional landing page is a
landing page controlled by and associated by the platform server 1 14 (i.e., the ad network). When the user has landed in this ad network Ianding page, the platform server registers that "Ianding" as a click event associated with the click. Since the Ianding page is directly controlled by the ad network, the platform server can further record instances related to the IP address of the user 104 and other such information using mechanisms known to a person of ordinary skill in the art.
[0036] There are several mechanisms by which the ad network Ianding page may be integrated. Some such examples are provided, purely for the purpose of illustration, with the aid of Figures 2A-2C. It is understood, however, that any other examples of providing an ad network Ianding page in conjunction with the advertiser Ianding page (or providing two Ianding pages for that matter), as may be
contemplated by a person of ordinary skill in the art, may be considered alternative or additional examples that are considered part of this disclosure.
[0037] in one example, as illustrated in Fig. 2A, when the user clicks on an advertisement 21 OA, the ad network Ianding page 220A is the first Ianding page of the link. This first Ianding page 220A may be a dummy page indicating, for example, a quick note that the user is being directed to the advertiser Ianding page 230A (i.e., the desired page), and then quickly change display to the advertiser Ianding page 230A. This way, the ad network ianding page is registered, but is quickly taken away from the user's view.
[0038] in another example, as illustrated in Figure 2B, when the user clicks on the ad link 210B, two ianding pages may be caused to be opened as a result of the click. The first one, the advertisement ianding page 230B, is non-transitory and is displayed to the user, whiie the other Ianding page 220B (the ad network ianding page) is intended to be transitory. This other Ianding page 220B may, for example, close automaticaily before even being noticed by the user, or may otherwise be heid innocuous (e.g., display dummy information related even to the reievant advertiser, display a blank page, etc.).
[0039] In some instances, as illustrated in Figure 2C, the ad network Ianding page 220C may be buiit in within the advertisement Ianding page 230C in a manner
that is not obtrusive to the user. As indicated above, any other examples of offering a landing page, as may be contemplated by a person of ordinary skill in the art, are also considered to be contemplated as part of this disclosure. [0040] Figure 3 now presents a flow diagram that depicts an illustrative associated with the techniques discussed herein. The process starts at step 310. Step 310 depicts a sub-process that happens in conjunction with the ad network whenever a user clicks on an ad shown on a publisher's website. In this scenario depicted here, the ads served through the ad network are configured within the fraud detection service. That is, when a user clicks on an ad, the system is configured to cause the ad to initiate a landing page associated with the ad network in addition to a regular landing page associated with the advertiser of the particular ad. Step 310 depicts the sub-process that happens every time an ad click is received. [0041] As depicted, the sub-process starts at step 31 OA where a user clicks an ad. The click may directly or indirectly be reported by the publisher through, for example, an API between the publisher and the ad network. In response, as shown in step 310B, the user is directed to or is subject to a special landing page that is directly associated with the ad network. In some instances, the ad network landing page may be determined at run time by the ad network and fed through the publisher (e.g., using the API connection). In other examples, the content and location of the ad network landing page may be pre-configured in association with the ad and may be initiated without direct intervention by the ad network. Other examples of run-time or non-run-time provisioning of the ad network landing page information, as understood by a person of ordinary skill in the art, are also considered contemplated by the disclosure herein.
[0042] in addition to directing the user to the landing page, the sub-process 310 may also include a step 310C that allows the publisher to report an IP address or other such information about the click event to the ad network. It is understood that in some instances, the IP information and other click event information may be aggregated over time before being fed into the ad network system or may be done ad hoc as and when a click event happens.
[0043] At step 320, for example, the ad network receives, based on the landing page (that is controlled by the ad network) information pertinent to the landing. For example, the connecting user's IP address, time information, etc. may be logged as discussed above. This information, in one example, may be
aggregated over time (as described above) and compared along with click events reported by the publisher. This is performed in step 330, for example, as a statistical analysis comparing the informaiion submitted by the publisher (e.g., through the ciick events) and information gathered by the ad network from the landing page information.
[0044] At step 340, the fraud detection service analyzes the results of the statistical analysis to determine whether there is disparity between the reported ciick events and the landing-page aggregated information. In some instances, a substantial disparity within one publisher's click event reporting may by itself result in a conclusion that the publisher's reporting was fraudulent. In other instances, for example, the fraud detection service may compare the disparity in a particular publisher's report-out and compare that disparity against disparities computed for other publishers. In one example, if the particular publisher's disparity is an outlier in a statistical comparison with other publishers' disparities, the publisher is determined to be fraudulent. Accordingly, upon such a determination, the process identifies at step 350 that the publisher is fraudulent and initiates corresponding actions.
Otherwise, at step 360, the publisher is determined to not be fraudulent and advertising continues unhindered. Exemplary System Architecture
[0045] Figure 4 is a high-level block diagram showing an example of the architecture for a computer system 600 that can be utilized to implement a platform server (e.g., 1 14 from Fig. 1 ), a web server (e.g., 125 from Fig. 1 ), etc. In Figure 6, the computer system 600 includes one or more processors 605 and memory 610 connected via an interconnect 625. The interconnect 625 is an abstraction that represents any one or more separate physical buses, point to point connections, or both connected by appropriate bridges, adapters, or controllers. The interconnect 625, therefore, may include, for example, a system bus, a Peripheral Component Interconnect (PCI) bus, a HyperTransport or industry standard architecture (ISA)
bus, a small computer system interface (SCSI) bus, a universal serial bus (USB), IIC (I2C) bus, or an Institute of Electrical and Electronics Engineers (IEEE) standard 694 bus, sometimes referred to as "Firewire". [0046] The processor(s) 605 may include central processing units (CPUs) to control the overall operation of, for example, the host computer, in certain embodiments, the processor(s) 605 accomplish this by executing software or firmware stored in memory 610. The processor(s) 605 may be, or may include, one or more programmable general-purpose or special-purpose microprocessors, digital signal processors (DSPs), programmable controllers, application specific integrated circuits (ASICs), programmable logic devices (PLDs), or the like, or a combination of such devices.
[0047] The memory 610 is or includes the main memory of the computer system 1 100. The memory 610 represents any form of random access memory
(RAM), read-only memory (ROM), flash memory (as discussed above), or the like, or a combination of such devices. In use, the memory 610 may contain, among other things, a set of machine instructions which, when executed by processor 605, causes the processor 605 to perform operations to implement embodiments of the present invention.
[0048] Also connected to the processor(s) 605 through the interconnect 625 is a network adapter 615. The network adapter 615 provides the computer system 600 with the ability to communicate with remote devices, such as the storage clients, and/or other storage servers, and may be, for example, an Ethernet adapter or Fiber Channel adapter.
Generally
[0049] The foregoing description of the embodiments of the invention has been presented for the purpose of illustration; it is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Persons skilled in the relevant art can appreciate that many modifications and variations are possible in light of the above disclosure.
[0050] Some portions of this description describe the embodiments of the invention in terms of algorithms and symbolic representations of operations on information. These aigorithmic descriptions and representations are commonly used by those skilled in the data processing arts to convey the substance of their work effectively to others skilled in the art. These operations, while described functionally, computationally, or logically, are understood to be implemented by computer programs or equivalent electrical circuits, microcode, or the like. Furthermore, it has also proven convenient at times, to refer to these arrangements of operations as moduies, without loss of generality. The described operations and their associated moduies may be embodied in software, firmware, hardware, or any combinations thereof.
[0051] Any of the steps, operations, or processes described herein may be performed or implemented with one or more hardware or software moduies, aione or in combination with other devices. In one embodiment, a software module is implemented with a computer program product comprising a computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all of the steps, operations, or processes described. [0052] Embodiments of the invention may also relate to an apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, and/or it may comprise a general-purpose computing device selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a non-transitory, tangible computer readable storage medium, or any type of media suitable for storing electronic instructions, which may be coupled to a computer system bus. Furthermore, any computing systems referred to in the specification may include a single processor or may be architectures empioying multiple processor designs for increased computing capability.
[0053] Embodiments of the invention may also relate to a product that is produced by a computing process described herein. Such a product may comprise information resulting from a computing process, where the information is stored on a non-transitory, tangible computer readable storage medium and may include any
embodiment of a computer program product or other data combination described herein.
[0054] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any ciaims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.
Claims
1. A method of processing online advertising, the method comprising: provisioning, by an ad network service operated in conjunction with a platform server, an advertisement to be displayed by a pubiisher in an ad space of a web site associated with the pubiisher;
causing, by the ad network service, the advertisement to include a provision for a first landing page, the first landing page being associated with the ad network service;
upon a user clicking on the advertisement in the publisher's ad space, receiving an indication of the user's redirection to at least the first landing page; and
collecting logistics based at least in part on the user's redirection to the first landing page.
2. The method of claim 1 , wherein the ad network service is an intermediary between the pubiisher and an advertisement network, the advertisement network associated with one or more advertisers with advertising content to be distributed for display in one or more web sites associated with the pubiisher.
3. The method of claim 1 , further comprising:
receiving, by the ad network service, an indication of a click event as reported by the pubiisher, the ciick event indicative of the user clicking on the advertisement in the ad space as reported by the publisher.
4. The method of claim 3, further comprising:
correlating the indication of the click event against at least a portion of the collected logistics;
based on an indication of non-correlation between the click event and at least the portion of the collected logistics, determining that the ciick event reported by the publisher is fraudulent.
5. The method of claim 1 , further comprising:
collecting, over a period of time, aggregated logistics related to a pluraiity of redirections to the landing page as a result of one or more users clicking on the advertisement in the publisher's ad space;
receiving, over the period of time, aggregated click events as reported by the publisher over the period of time, each click event being indicative of a given user's click of the advertisemeni within the period of time as reported by the publisher.
6. The method of claim 5, further comprising:
correlating, by the ad network service, the aggregated logistics related to the plurality of redirections to the aggregated click events as reported by the publisher;
based on an indication of non-correlation between the aggregated logistics and the aggregated click events, determining that one or more click events reported by the publisher is fraudulent.
7. The method of claim 5, further comprising:
correlating, by the ad network service, the aggregated logistics related to the plurality of redirections to the aggregated click events as reported by the publisher;
determining a mismatch between the aggregated logistics and the aggregated click events based at least in part on the correlation.
8. The method of claim 7, further comprising:
comparing the mismatch associated with the publisher against a pluraiity of mismatches associated with a plurality of other publishers serviced by the ad network service;
determining whether the mismatch associated with the publisher is an outlier in relation to a statistical representation of the plurality of mismatches; and
based on an indication of the mismatch associated with the publisher being an outlier, determining that one or more click events reported by the publisher is fraudulent.
9. The method of claim 2, wherein upon a user clicking on the
advertisement, the user is redirected to a second landing page, the second landing page associated with the advertising network and an extension of the displayed advertisement.
10. The method of claim 9, wherein the first landing page operates as a segue between the clicking event and the second landing page, the first landing page being displayed for an initial period of time before causing the display to be redirected to the second landing page.
1 1. The method of claim 10, wherein the first landing page and second landing page are substantially simultaneously initiated subsequent to the clicking event, the first landing page being displayed in the background for a given period of time.
12. A method of processing online advertising, the method comprising: receiving, by an ad network service operated by a platform server, indication of a click event associated with a user's clicking of an
advertisement in a publishers web page, the advertisement serviced to the publisher by the ad network service, wherein the indication of the click event is as reported by the publisher;
receiving, by the ad network service, indication of a redirection from the user's terminal to a landing web page associated with the ad network service, the redirection to the landing web page being a result of the user's clicking of the advertisement, redirection information associated with the landing page being incorporated with the advertisement by the ad network service in conjunction with servicing the advertisement to the publisher;
based on an analysis of one or more indications of user's click events and one or more indications of redirections to corresponding landing web pages, determining, by the ad network service, fraudulent activity by the publisher in reporting the click events to the ad network service.
13. The method of claim 12, wherein the analysis of the one or more indications of user's click events and the one or more indications to determine fraudulent activity further includes:
collecting, over a period of time, aggregated logistics related to the one or more redirections to the corresponding landing pages;
receiving, over the period of time, aggregated click events as reported by the publisher over the period of time, each click event being indicative of a given user's click of the advertisement within the period of time as reported by the publisher.
14. The method of claim 13 further comprising:
correlating, by the ad network service, the aggregated logistics related to the one or more of redirections to the aggregated click events as reported by the publisher;
based on an indication of non-correlation between the aggregated logistics and the aggregated click events, determining that one or more click events reported by the publisher is fraudulent.
15. The method of claim 14, further comprising:
correlating, by the ad network service, the aggregated logistics related to the one or more redirections to the aggregated click events as reported by the publisher;
determining a mismatch between the aggregated logistics and the aggregated click events based at least in part on the correlation.
16. The method of claim 15, further comprising:
comparing the mismatch associated with the publisher against a pluraiity of mismatches associated with a plurality of other publishers serviced by the ad network service;
determining whether the mismatch associated with the publisher is an outlier in relation to a statistical representation of the plurality of mismatches; and
based on an indication of the mismatch associated with the publisher being an outlier, determining that one or more click events reported by the publisher is fraudulent.
17. A system, comprising:
at least one memory storing computer-executable instructions; and at least one processor configured to access the at least one memory and execute the computer-executable instructions to perform a set of operations, the operations including:
provisioning, by an ad network service operated in conjunction with a platform server, an advertisement to be displayed by a publisher in an ad space of a web site associated with the publisher;
causing, by the ad network service, the advertisement to include a provision for a first landing page, the first landing page being associated with the ad network service;
upon a user clicking on the advertisement in the publisher's ad space, receiving an indication of the user's redirection to at least the first landing page; and
collecting logistics based at least in part on the user's redirection to the first landing page.
18. The system of claim 1 , wherein the ad network service is an intermediary between the pubiisher and an advertisement network, the advertisement network associated with one or more advertisers with advertising content to be distributed for display in one or more web sites associated with the pubiisher.
19. The system of claim 17, wherein the operations further include:
receiving, by the ad network service, an indication of a click event as reported by the pubiisher, the ciick event indicative of the user clicking on the advertisement in the ad space as reported by the publisher.
20. The system of claim 19, wherein the operations further include:
correlating the indication of the click event against at least a portion of the collected logistics;
based on an indication of non-correlation between the click event and at least the portion of the collected logistics, determining that the click event reported by the publisher is fraudulent.
21. The system of claim 17, wherein the operations further include:
collecting, over a period of time, aggregated logistics related to a plurality of redirections to the landing page as a result of one or more users clicking on the advertisement in the publisher's ad space;
receiving, over the period of time, aggregated click events as reported by the publisher over the period of time, each click event being indicative of a given user's click of the advertisemeni within the period of time as reported by the publisher.
22. The system of claim 21 , wherein the operations further include:
correlating, by the ad network service, the aggregated logistics related to the plurality of redirections to the aggregated click events as reported by the publisher;
based on an indication of non-correlation between the aggregated logistics and the aggregated click events, determining that one or more click events reported by the publisher is fraudulent.
23. The system of claim 21 , wherein the operations further include:
correlating, by the ad network service, the aggregated logistics related to the plurality of redirections to the aggregated click events as reported by the publisher;
determining a mismatch between the aggregated logistics and the aggregated click events based at least in part on the correlation.
24. The system of claim 23, wherein the operations further include:
comparing the mismatch associated with the publisher against a pluraiity of mismatches associated with a plurality of other publishers serviced by the ad network service;
determining whether the mismatch associated with the publisher is an outlier in relation to a statistical representation of the plurality of mismatches; and
based on an indication of the mismatch associated with the publisher being an outlier, determining that one or more click events reported by the publisher is fraudulent.
25. The system of claim 18, wherein upon a user clicking on the advertisement, the user is redirected to a second landing page, the second landing page associated with the advertising network and an extension of the displayed advertisement.
26. The system of claim 25, wherein the first landing page operates as a segue between the clicking event and the second landing page, the first landing page being displayed for an initial period of time before causing the display to be redirected to the second landing page.
27. The system of claim 26, wherein the first landing page and second landing page are substantially simultaneously initiated subsequent to the clicking event, the first landing page being displayed in the background for a given period of time.
28. One or more computer-readable media storing computer-executable instructions that, when executed by at least one processor, configure the at least one processor to perform operations corresponding to a method for monitoring domains, the method comprising:
receiving, by an ad network service operated by a platform server, indication of a click event associated with a user's clicking of an
advertisement in a publishers web page, the advertisement serviced to the
publisher by the ad network service, wherein the indication of the click event is as reported by the publisher;
receiving, by the ad network service, indication of a redirection from the user's terminal to a landing web page associated with the ad network service, the redirection to the landing web page being a result of the user's clicking of the advertisement, redirection information associated with the landing page being incorporated with the advertisement by the ad network service in conjunction with servicing the advertisement to the publisher;
based on an analysis of one or more indications of user's click events and one or more indications of redirections to corresponding landing web pages, determining, by the ad network service, fraudulent activity by the publisher in reporting the click events to the ad network service.
29. The media of claim 28, wherein the analysis of the one or more indications of user's click events and the one or more indications to determine fraudulent activity further includes:
collecting, over a period of time, aggregated logistics related to the one or more redirections to the corresponding landing pages;
receiving, over the period of time, aggregated click events as reported by the publisher over the period of time, each click event being indicative of a given user's click of the advertisemeni within the period of time as reported by the publisher.
30. The media of claim 29, wherein the method further comprises:
correlating, by the ad network service, the aggregated logistics related to the one or more of redirections to the aggregated click events as reported by the publisher;
based on an indication of non-correlation between the aggregated logistics and the aggregated click events, determining that one or more click events reported by the publisher is fraudulent.
31. The media of claim 30, wherein the method further comprises:
correlating, by the ad network service, the aggregated logistics related to the one or more redirections to the aggregated click events as reported by the publisher;
determining a mismatch between the aggregated logistics and the aggregated click events based at least in part on the correlation.
32. The media of claim 31 , wherein the method further comprises:
comparing the mismatch associated with the publisher against a pluraiity of mismatches associated with a plurality of other publishers serviced by the ad network service;
determining whether the mismatch associated with the publisher is an outlier in relation to a statistical representation of the plurality of mismatches; and
based on an indication of the mismatch associated with the publisher being an outlier, determining that one or more click events reported by the publisher is fraudulent.
Applications Claiming Priority (16)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261654802P | 2012-06-01 | 2012-06-01 | |
US201261654703P | 2012-06-01 | 2012-06-01 | |
US61/654,802 | 2012-06-01 | ||
US61/654,703 | 2012-06-01 | ||
US201261672939P | 2012-07-18 | 2012-07-18 | |
US61/672,939 | 2012-07-18 | ||
US201261698449P | 2012-09-07 | 2012-09-07 | |
US61/698,449 | 2012-09-07 | ||
US13/623,844 US20140074601A1 (en) | 2012-09-07 | 2012-09-20 | Methods and systems for mobile ad targeting |
US13/623,844 | 2012-09-20 | ||
US201261713421P | 2012-10-12 | 2012-10-12 | |
US61/713,421 | 2012-10-12 | ||
US201361760952P | 2013-02-05 | 2013-02-05 | |
US61/760,952 | 2013-02-05 | ||
US13/827,783 US20130325591A1 (en) | 2012-06-01 | 2013-03-14 | Methods and systems for click-fraud detection in online advertising |
US13/827,783 | 2013-03-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013181672A1 true WO2013181672A1 (en) | 2013-12-05 |
Family
ID=49673961
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2013/043951 WO2013181672A1 (en) | 2012-06-01 | 2013-06-03 | Methods and systems for click-fraud detection in online advertising |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2013181672A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080270154A1 (en) * | 2007-04-25 | 2008-10-30 | Boris Klots | System for scoring click traffic |
KR20100077511A (en) * | 2008-12-29 | 2010-07-08 | 엔에이치엔비즈니스플랫폼 주식회사 | Method and system for providing advertisement using both exposure time and number of clicks |
US20110153411A1 (en) * | 2009-12-23 | 2011-06-23 | Kenshoo Ltd. | Method and system for identification of an online purchase without notification of making the purchase |
US20110196721A1 (en) * | 2000-05-05 | 2011-08-11 | Google Inc., A Delaware Corporation | Method and Apparatus for Transaction Tracking Over a Computer Network |
US20110314557A1 (en) * | 2010-06-16 | 2011-12-22 | Adknowledge, Inc. | Click Fraud Control Method and System |
-
2013
- 2013-06-03 WO PCT/US2013/043951 patent/WO2013181672A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110196721A1 (en) * | 2000-05-05 | 2011-08-11 | Google Inc., A Delaware Corporation | Method and Apparatus for Transaction Tracking Over a Computer Network |
US20080270154A1 (en) * | 2007-04-25 | 2008-10-30 | Boris Klots | System for scoring click traffic |
KR20100077511A (en) * | 2008-12-29 | 2010-07-08 | 엔에이치엔비즈니스플랫폼 주식회사 | Method and system for providing advertisement using both exposure time and number of clicks |
US20110153411A1 (en) * | 2009-12-23 | 2011-06-23 | Kenshoo Ltd. | Method and system for identification of an online purchase without notification of making the purchase |
US20110314557A1 (en) * | 2010-06-16 | 2011-12-22 | Adknowledge, Inc. | Click Fraud Control Method and System |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20130325591A1 (en) | Methods and systems for click-fraud detection in online advertising | |
US20220116468A1 (en) | Systems and methods for matching online users across devices | |
JP5911432B2 (en) | Communication of information about activities from different domains in social network systems | |
US11238119B2 (en) | Device identification for multiple device IDs | |
US20150348119A1 (en) | Method and system for targeted advertising based on associated online and offline user behaviors | |
US20130268351A1 (en) | Verified online impressions | |
US11887150B2 (en) | Systems and methods for attributing electronic purchase events to previous online and offline activity of the purchaser | |
CN107077498B (en) | Representing entity relationships in online advertisements | |
US20120323694A1 (en) | Non-invasive sampling and fingerprinting of online users and their behavior | |
US11887132B2 (en) | Processor systems to estimate audience sizes and impression counts for different frequency intervals | |
EP2108172A1 (en) | Advertisement referral based on social ties | |
US20160110775A1 (en) | System and Method for Hash Desktop to Mobile Referral System | |
JP7377192B2 (en) | System and method for cookieless conversion measurement for online digital advertising | |
WO2016191910A1 (en) | Detecting coalition fraud in online advertising | |
US20220159022A1 (en) | Detecting anomalous traffic | |
US10115125B2 (en) | Determining traffic quality using event-based traffic scoring | |
US20150348094A1 (en) | Method and system for advertisement conversion measurement based on associated discrete user activities | |
US20150348096A1 (en) | Method and system for associating discrete user activities on mobile devices | |
WO2009075984A2 (en) | Scalable audit-based protocol for pay-per-action ads | |
WO2013181672A1 (en) | Methods and systems for click-fraud detection in online advertising | |
US20170200182A1 (en) | Annotation of an online content item based on loyalty programs | |
US20230344913A1 (en) | Systems and methods for matching online users across devices | |
US20160148252A1 (en) | Systems and methods for attributing purchase events to previous online activity | |
Chen et al. | Mobile ad fraud: Empirical patterns in publisher and advertising campaign data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13797042 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13797042 Country of ref document: EP Kind code of ref document: A1 |