ISPs and Ad Networks Against Botnet Ad Fraud

  • Nevena Vratonjic
  • Mohammad Hossein Manshaei
  • Maxim Raya
  • Jean-Pierre Hubaux
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6442)


Botnets are a serious threat on the Internet and require huge resources to be thwarted. ISPs are in the best position to fight botnets and there are a number of recently proposed initiatives that focus on how ISPs should detect and remediate bots. However, it is very expensive for ISPs to do it alone and they would probably welcome some external funding. Among others, botnets severely affect ad networks (ANs), as botnets are increasingly used for ad fraud. Thus, ANs have an economic incentive, but they are not in the best position to fight botnet ad fraud. Consequently, ANs might be willing to subsidize the ISPs to do so. We provide a game-theoretic model to study the strategic behavior of ISPs and ANs and we identify the conditions under which ANs are likely to solve the problem of botnet ad fraud by themselves and those under which the AN will subsidize the ISP to achieve this goal. Our analytical and numerical results show that the optimal strategy depends on the ad revenue loss of the ANs due to ad fraud and the number of bots participating in ad fraud.


Ad Fraud Botnets ISP Ad Network Security Game Theory 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Directive 2006/24/EC of the European parliament and of the council. Official Journal of the European Union (2006)Google Scholar
  2. 2.
    2008 Year-in-Review Benchmarks. DoubleClick Research Report (2009)Google Scholar
  3. 3.
    Biggest, Baddest Botnets: Wanted Dead or Alive. PC World (2009),
  4. 4.
    Click Fraud Index. ClickForennsics Inc. (2009)Google Scholar
  5. 5.
    Internet Advertising Revenue Report. Interactive Advertising Bureau (2009)Google Scholar
  6. 6.
    Adamic, L.A., Huberman, B.A.: The Web’s hidden order. Communication ACM (2001)Google Scholar
  7. 7.
    Australian Internet Security Initiative (AISI), A.C., Media Authority: (2010),
  8. 8.
    Mungamuru, B., Weiss, S., Garcia-Molina, H.: Should Ad Networks Bother Fighting Click Fraud? (Yes, They Should.). Technical report, Stanford InfoLab (2008)Google Scholar
  9. 9.
    Click Forensics Discovers Click Fraud Surge from New Sophisticated Bahama Botnet: (2009),
  10. 10.
    Constantin, L.: German Government to Help Rid Computers of Malware (2009),
  11. 11.
    Crowcroft, J.: Net Neutrality: The Technical Side of the Debate: A White Paper. SIGCOMM Computer Communication Review (2007)Google Scholar
  12. 12.
    Daswani, N., Stoppelman, M.: The Anatomy of Clickbot.A. In: Hot Topics in Understanding Botnets (HotBots) (2007)Google Scholar
  13. 13.
    Edelman, B.G.: Securing Online Advertising: Rustlers and Sheriffs in the New Wild West. SSRN eLibrary (2008)Google Scholar
  14. 14.
    Edelman, B.G.: Deterring Online Advertising Fraud Through Optimal Payment in Arrears. SSRN eLibrary (2009)Google Scholar
  15. 15.
    Gandhi, M., Jakobsson, M., Ratkiewicz, J.: Badvertisements: Stealthy Click-Fraud with Unwitting Accessories. Digital Forensic Practice 1(2) (2006)Google Scholar
  16. 16.
    Viral Web infection siphons ad dollars from Google,
  17. 17.
    Botnet caught red handed stealing from Google (2009),
  18. 18.
    Grossklags, J., Christin, N., Chuang, J.: Secure or insure?: a game-theoretic analysis of information security games. In: International Conference on World Wide Web (WWW) (2008)Google Scholar
  19. 19.
    Growing number Of ISPs Injecting Own Content Into Websites (2008),
  20. 20.
    Livingood, J., Mody, N., O’Reirdan, M., and Comcast Communications: Recommendations for the Remediation of Bots in ISP Networks. Internet-Draft Version 3, IETF (2009)Google Scholar
  21. 21.
    Jakobsson, M., Ramzan, Z.: Crimeware. Addison-Wesley, Reading (2008)Google Scholar
  22. 22.
    Krishnamurthy, B., Wills, C.E.: Cat and Mouse: Content Delivery Tradeoffs in Web Access. In: International conference on World Wide Web (WWW) (2006)Google Scholar
  23. 23.
    Lelarge, M., Bolot, J.: Economic Incentives to Increase Security in the Internet: The Case for Insurance. In: INFOCOM (2009)Google Scholar
  24. 24.
    Livingood, J., Mody, N., O’Reirdan, M., and Comcast Communications: ISP: Voluntary Code of Practice for Industry Self-regulation in the Area of e-security. Internet industry code of practice, Internet Industry Association (2009)Google Scholar
  25. 25.
    Network Bluepill: Stealth Router-based Botnet (2009),
  26. 26.
    Reis, C., Gribble, S.D., Kohno, T., Weaver, N.C.: Detecting In-Flight Page Changes with Web Tripwires. In: USENIX Symposium on Networked Systems Design & Implementation (NSDI) (2008)Google Scholar
  27. 27.
  28. 28.
  29. 29.
    Vratonjic, N., Freudiger, J., Felegyhazi, M., Hubaux, J.P.: Securing Online Advertising. Technical report 2008-017, EPFL (2008)Google Scholar
  30. 30.
    Vratonjic, N., Freudiger, J., Hubaux, J.P.: Integrity of the Web Content: The Case of Online Advertising. In: Usenix CollSec (2010)Google Scholar
  31. 31.
    Vratonjic, N., Raya, M., Hubaux, J.P., Parkes, D.C.: Security Games in Online Advertising: Can Ads Help Secure the Web? In: Workshop on the Economics of Information Security (WEIS) (2010)Google Scholar
  32. 32.
    Weisstein, E.: Euler-maclaurin integration formulas. MathWorld (2010),
  33. 33.
    Zhao, X., Fang, F., Whinston, A.B.: An economic mechanism for better Internet security. Decision Support Systems 45(4) (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nevena Vratonjic
    • 1
  • Mohammad Hossein Manshaei
    • 1
  • Maxim Raya
    • 1
  • Jean-Pierre Hubaux
    • 1
  1. 1.Laboratory for computer Communications and Applications (LCA)EPFLSwitzerland

Personalised recommendations