Embed Size (px)
Citation preview
For info about the proprietary technology used in comScore products, refer to http://comscore.com/About_comScore/Patents
Invalid Traffic & Viewability: What is the cost of an unseen ad?
Paul Barford Chief Scientist
May 2016
Overview • Objectives • Viewability
– What & how • Invalid traffic (IVT)
– What are attackers doing? • Ad blockers • Counter measures
– Detection, filtration and mitigation • Recent measurements
– Views, IVT, ad blockers
1 comScore Inc. Proprietary
Measuring viewability
comScore Inc. Proprietary 2
Browser
Viewport
Ad
X,Y coords of browser X,Y coords of viewport X,Y coords of ad
ABOVE THE FOLD
BELOW THE FOLD
Screen Size 1280 x 1024
Browser Size 1048 x 944
Viewport Size 1025 x 875
Ad Size 160 x 600
Page Size 1025 x 1325
1
2
3
4
5
6
7
8
9
10
11
12
– Ad viewability: ads that appear within viewable space in a browser on a user’s screen • MRC standards
– Considerations • Screen size • Location of the browser • Location of the ad
relative to the page • User actions including
tab, scroll, minimize
A hybrid approach • Both static and dynamic characteristics must be
considered to produce accurate viewability measurements
• Geometry: consider X,Y coordinates of ad to determine it’s exact location in the viewport
• Timing: use clues associated with content to determine if creative is in-view
• Hybrid method enables broad coverage (97%) plus adaptability to browsing dynamics
comScore Inc. Proprietary 3
The threat landscape • What motivates ad fraud?
– “Because that’s where the money is.” W. Sutton • Fraudster’s advantages
– Anonymity, vulnerabilities, complexity, scale – Humans in the loop
• Key requirement – a way to put $$ in the bank – Ad exchanges and DSPs are obvious opportunities
4 comScore Inc. Proprietary
Who is harmed?
comScore Inc. Proprietary 5
Brands Agencies Trading Desks DSPs Exchanges SSPs Networks Publishers
Everyone
Attack vectors
• Invalid traffic falls into four general categories – Traffic generators – human & automated – Unwanted ads – plugins & injectors – Unseen ads – including popunders & PPV – Misrepresented placements – placement laundering
• Grey areas abound!
Invalid traffic includes both clicks and impressions that Google suspects to not be
the result of genuine user interest
6 comScore Inc. Proprietary
Traffic generation • Valid traffic generation offerings
– Adwords, Outbrain, BingAds, Facebook ads, etc. • Type “purchase web traffic” in Google
– MANY traffic generation offerings • Simple threats: script-based page retrieval
– Ubiquitous - $12/10K impressions – Not very human-like
• More complex threats: botnets* – Objective – look more “human” – As much as $100/10K impressions
7 comScore Inc. Proprietary
Plugins and injectors • Software that generates ads that are not part of publisher
placements – Most do not try to hide
• Plugins enhance native browser functionality – PageRage, BuzzDock, Sambreel, etc.
• Injectors impose ads other than or in addition to those intended – Trick users by promising extended functionality – Google: say 5% of their users have an ad injector – Superfish, JollyWallet, etc.
8 comScore Inc. Proprietary
What about bots? • Bots have been around for a long time
– Originally developed in 90’s to manage host – Compromised hosts under the control of remote entity
• Bots are characterized by key capabilities – Impressions and injection
• Example: Athena botnet – Various ad viewing capabilities
• But, why bother with a botnet? – Clouds are better…
K. Springborn “Inside a Botnet: Athena and Ad Fraud”, comScore blog, 2014. 9 comScore Inc. Proprietary
Unseen ads and PPV nets • Ads that appear in invisible frames
– Simple additions to web pages that can be “viewable” – Many not be 0-size, but still invisible – Often appear as pupup’s/popunders
• PPV network: groups of sites that run tags from a single TG service – Some TG services offer a JS tag that when included on a site pays attractive
CPM – “…will not block any of your site content…” – Tag will “display” camouflaged 3rd party websites
10 comScore Inc. Proprietary
K. Springborn and P. Barford, “Impression Fraud in On-line Advertising via Pay-Per-View Networks”, In the USENIX Security Symposium, 2013
Placement laundering
• How do we know who is requesting an ad or where it’s placed? – We typically rely on trust and Javascript
• “Domain laundering” coined by comScore’s Jeff Kline in ’14 – Recent press release with Google on vulnerability in Safeframe
• Key issue: Low quality ad: $0.01 CPM, High quality ad: $10 CPM
Placement laundering is the act of sending false information to an ad provider about an ad placement
J. Kline and P. Barford, “Placement Laundering and the Complexities of Attribution in Online Advertising”, Under submission, 2015.
11 comScore Inc. Proprietary
Ad blockers on the rise • Ad blockers (browser extensions) have received significant attention
over the past year – Blockers have been available for over a decade – “…ad blocking is robbery, plain and simple” R. Rothenberg,
AdAge • Blockers are here to stay, what can we do?
– Measure and assess their prevalence and impact – Develop technical counter-measures – Take control of the narrative on responsible advertising
comScore Inc. Proprietary 12
Addressing the threats • Basic issues are similar to IT security
– Need to understand (evolving) threats – Detection vs. mitigation – Tools and processes for decision support and remediation
• Core components for addressing ad fraud – Diverse measurement capability – Filters to identify/mitigate threats – Tools for visualization and forensics
13 comScore Inc. Proprietary
Start with telemetry • Objective: breadth and depth
– Any specific measurement method has limits! • Challenges: scale, diversity and dynamics • Census/Ad tags: for a wide variety of threats
– Careful attention to errors/failures • Panel: for plugins, injectors, traffic generators and publisher
side threats • Crawler: for publisher side threats • Honeypots: for traffic generation threats
14 comScore Inc. Proprietary
From telemetry to filters • Objective: accurate, efficient threat identification • Approach: mine diverse telemetry for signals
– Hypothesis-based, iterative process • Write code (i.e., filter) that isolates signals in telemetry associated with
fraud – General vs. sophisticated – Detection vs. active mitigation
• comScore has over 25 different IVT filters
15 comScore Inc. Proprietary
M. Molloy, S. Alfeld and P. Barford, “Contamination Estimation via Convex Relaxations”, In Proceedings of IEEE International Symposium on Information Theory, 2015
Raw Q1 ’16: impressions/IVT
comScore Inc. Proprietary 16
0%
1%
2%
3%
4%
5%
-
10,000,000,000
20,000,000,000
30,000,000,000
40,000,000,000
50,000,000,000
60,000,000,000
70,000,000,000
80,000,000,000
Jan Feb Mar
Gross Impressions
Percent IVT
Raw Q1 ’16: regional imprsn/IVT
comScore Inc. Proprietary 17
0%
1%
2%
3%
4%
5%
-
10,000,000,000
20,000,000,000
30,000,000,000
40,000,000,000
50,000,000,000
60,000,000,000
Jan Feb Mar
North America
0%
1%
2%
3%
4%
5%
-
2,000,000,000
4,000,000,000
6,000,000,000
8,000,000,000
10,000,000,000
12,000,000,000
14,000,000,000
16,000,000,000
Jan Feb Mar
Europe
Gross Impressions
Percent IVT
Norms Q1 ‘16: IVT
18 comScore Inc. Proprietary
0%
1%
2%
3%
4%
5%
6%
7%
8%
9%
10%
January February March
US, desktop
Display
Video
Norms Q1 ‘16: in-view
19 comScore Inc. Proprietary
0%
10%
20%
30%
40%
50%
60%
January February March
US, desktop
Display
Video
Norms Q1 ‘16: direct/indirect
0%
1%
2%
3%
4%
5%
6%
7%
8%
9%
10%
0%
10%
20%
30%
40%
50%
60%
70%
Direct Indirect Direct Indirect
Display Video
Viewability IVT
Conclusion • Summary
– Your ads may not be seen • Viewability has a fixed objective • IVT detection and mitigation is a moving target • Ad blockers are having an impact
– Diverse telemetry + data science can address threats • Q: What is the cost? A: Depends on where you advertise • Future
– Broad deployment of active mitigation – Anti-ad blocking – Cross media
22 comScore Inc. Proprietary
Thank you
23 comScore Inc. Proprietary
