Analysis of malicious affiliate network activity as a test case for an investigatory framework.

Abstract

Currently there is a great deal of literature surrounding methods that can be used to de-tect click-fraud, but there is very little published work on actual cases of click-through fraud. The aim of this paper is to present the details of a real-life fraud, in order that lessons may be learnt to over-come this type of fraud in the future. The paper outlines a fraud that is suspected to have included both PPC and PPS from fraudulent affiliates.
This paper describes a methodology for the investigation process of affiliate network scams, includ-ing the anonymisation of personal and location details, while providing an analysis of an actual crime. In total, the case examined resulted in an estimated loss of around £200,000 with a further estimated loss of over £200,000 if further transactions had not been cancelled.
The methods used within the scam are outlined using anonymised data, and presented to highlight the malicious activity. This included both pay-per-click and pay-per-sale scams most likely using sto-len identity information. It concludes with the methods that may be helpful in possibly identifying malicious activity with affiliate networks and how a framework can be setup to investigate these crimes.
The current work involves developing an investigatory framework focused on the early detection of electronic fraud, and the work done for this paper will be used as a test case on affiliate fraud data. The future aim of the research is to completely automate the investigatory framework that will allow incident data to be processed so that the context of a crime is not lost, but that it anonymises and protects the identity of those involved.