Abstract
Botnets are a serious threat on the Internet and require huge resources to be thwarted. ISPs are in the best position to fight botnets and there are a number of recently proposed initiatives that focus on how ISPs should detect and remediate bots. However, it is very expensive for ISPs to do it alone and they would probably welcome some external funding. Among others, botnets severely affect ad networks (ANs), as botnets are increasingly used for ad fraud. Thus, ANs have an economic incentive, but they are not in the best position to fight botnet ad fraud. Consequently, ANs might be willing to subsidize the ISPs to do so. We provide a game-theoretic model to study the strategic behavior of ISPs and ANs and we identify the conditions under which ANs are likely to solve the problem of botnet ad fraud by themselves and those under which the AN will subsidize the ISP to achieve this goal. Our analytical and numerical results show that the optimal strategy depends on the ad revenue loss of the ANs due to ad fraud and the number of bots participating in ad fraud.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Directive 2006/24/EC of the European parliament and of the council. Official Journal of the European Union (2006)
2008 Year-in-Review Benchmarks. DoubleClick Research Report (2009)
Biggest, Baddest Botnets: Wanted Dead or Alive. PC World (2009), http://www.pcworld.com/article/169033/biggest_baddest_botnets_wanted_de_or_alive.html
Click Fraud Index. ClickForennsics Inc. (2009)
Internet Advertising Revenue Report. Interactive Advertising Bureau (2009)
Adamic, L.A., Huberman, B.A.: The Web’s hidden order. Communication ACM (2001)
Australian Internet Security Initiative (AISI), A.C., Media Authority: (2010), http://www.acma.gov.au/WEB/STANDARD/1001/pc=PC_310317
Mungamuru, B., Weiss, S., Garcia-Molina, H.: Should Ad Networks Bother Fighting Click Fraud? (Yes, They Should.). Technical report, Stanford InfoLab (2008)
Click Forensics Discovers Click Fraud Surge from New Sophisticated Bahama Botnet: (2009), http://www.clickforensics.com/newsroom/press-releases/144-bahama-botnet.html
Constantin, L.: German Government to Help Rid Computers of Malware (2009), http://news.softpedia.com
Crowcroft, J.: Net Neutrality: The Technical Side of the Debate: A White Paper. SIGCOMM Computer Communication Review (2007)
Daswani, N., Stoppelman, M.: The Anatomy of Clickbot.A. In: Hot Topics in Understanding Botnets (HotBots) (2007)
Edelman, B.G.: Securing Online Advertising: Rustlers and Sheriffs in the New Wild West. SSRN eLibrary (2008)
Edelman, B.G.: Deterring Online Advertising Fraud Through Optimal Payment in Arrears. SSRN eLibrary (2009)
Gandhi, M., Jakobsson, M., Ratkiewicz, J.: Badvertisements: Stealthy Click-Fraud with Unwitting Accessories. Digital Forensic Practice 1(2) (2006)
Viral Web infection siphons ad dollars from Google, http://www.theregister.co.uk/2009/05/14/viral_web_infection/
Botnet caught red handed stealing from Google (2009), http://www.theregister.co.uk/2009/10/09/bahama_botnet_steals_from_google
Grossklags, J., Christin, N., Chuang, J.: Secure or insure?: a game-theoretic analysis of information security games. In: International Conference on World Wide Web (WWW) (2008)
Growing number Of ISPs Injecting Own Content Into Websites (2008), http://www.techdirt.com/articles/20080417/041032874.shtml
Livingood, J., Mody, N., O’Reirdan, M., and Comcast Communications: Recommendations for the Remediation of Bots in ISP Networks. Internet-Draft Version 3, IETF (2009)
Jakobsson, M., Ramzan, Z.: Crimeware. Addison-Wesley, Reading (2008)
Krishnamurthy, B., Wills, C.E.: Cat and Mouse: Content Delivery Tradeoffs in Web Access. In: International conference on World Wide Web (WWW) (2006)
Lelarge, M., Bolot, J.: Economic Incentives to Increase Security in the Internet: The Case for Insurance. In: INFOCOM (2009)
Livingood, J., Mody, N., O’Reirdan, M., and Comcast Communications: ISP: Voluntary Code of Practice for Industry Self-regulation in the Area of e-security. Internet industry code of practice, Internet Industry Association (2009)
Network Bluepill: Stealth Router-based Botnet (2009), http://dronebl.org/blog
Reis, C., Gribble, S.D., Kohno, T., Weaver, N.C.: Detecting In-Flight Page Changes with Web Tripwires. In: USENIX Symposium on Networked Systems Design & Implementation (NSDI) (2008)
Cisco Intrusion Detection Systems, http://www.google.com/products?q=cisco+intrusion+detection+system&aq=3&oq=cisco+in
VeriSign Inc., http://www.verisign.com/ssl/buy-ssl-certificates/secure-site-services/index.html
Vratonjic, N., Freudiger, J., Felegyhazi, M., Hubaux, J.P.: Securing Online Advertising. Technical report 2008-017, EPFL (2008)
Vratonjic, N., Freudiger, J., Hubaux, J.P.: Integrity of the Web Content: The Case of Online Advertising. In: Usenix CollSec (2010)
Vratonjic, N., Raya, M., Hubaux, J.P., Parkes, D.C.: Security Games in Online Advertising: Can Ads Help Secure the Web? In: Workshop on the Economics of Information Security (WEIS) (2010)
Weisstein, E.: Euler-maclaurin integration formulas. MathWorld (2010), http://mathworld.wolfram.com/Euler-MaclaurinIntegrationFormulas.html
Zhao, X., Fang, F., Whinston, A.B.: An economic mechanism for better Internet security. Decision Support Systems 45(4) (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vratonjic, N., Manshaei, M.H., Raya, M., Hubaux, JP. (2010). ISPs and Ad Networks Against Botnet Ad Fraud. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds) Decision and Game Theory for Security. GameSec 2010. Lecture Notes in Computer Science, vol 6442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17197-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-17197-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17196-3
Online ISBN: 978-3-642-17197-0
eBook Packages: Computer ScienceComputer Science (R0)