Clicktok: click fraud detection using traffic analysis

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

3 Citations (Scopus)
23 Downloads (Pure)


Advertising is a primary means for revenue generation for millions of websites and smartphone apps. Naturally, a fraction abuse ad networks to systematically defraud advertisers of their money. Modern defences have matured to overcome some forms of click fraud but measurement studies have reported that a third of clicks supplied by ad networks could be clickspam. Our work develops novel inference techniques which can isolate click fraud attacks using their fundamental properties.We propose two defences, mimicry and bait-click, which provide clickspam detection with substantially improved results over current approaches. Mimicry leverages the observation that organic clickfraud involves the reuse of legitimate click traffic, and thus isolates clickspam by detecting patterns of click reuse within ad network clickstreams. The bait-click defence leverages the vantage point of an ad network to inject a pattern of bait clicks into a user's device. Any organic clickspam generated involving the bait clicks will be subsequently recognisable by the ad network. Our experiments show that the mimicry defence detects around 81% of fake clicks in stealthy (low rate) attacks, with a false-positive rate of 110 per hundred thousand clicks. Similarly, the bait-click defence enables further improvements in detection, with rates of 95% and a reduction in false-positive rates of between 0 and 30 clicks per million - a substantial improvement over current approaches.

Original languageEnglish
Title of host publicationWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
Place of PublicationNew York
Number of pages12
ISBN (Electronic)9781450367264
Publication statusPublished - 15 May 2019


  • clickspam
  • advertising
  • click fraud

Fingerprint Dive into the research topics of 'Clicktok: click fraud detection using traffic analysis'. Together they form a unique fingerprint.

Cite this