Digital Ad Fraud Prevention Using The Reverse Proxy Approach

December 2, 2015 Charlie Minesinger

In my previous blog, I provided a brief overview of the four technology approaches in the market for preventing digital ad fraud and mitigating bot traffic. For instance, many anti-fraud platforms in the market today use a single pixel embedded in an ad in order to identify and track unsolicited non-human traffic. The heritage of the single pixel approach comes from ad serving technology and it’s a powerful way to track and measure digital ad fraud. Vendors in this space include White Ops, Integral Ad Science, Forensiq and DoubleVerify.

The heritage of the reverse proxy approach was derived  from IT security and is a powerful way to stop non-human traffic before it interacts with a website’s origin servers. That is to say, a reverse proxy approach seeks to answer the question “is this a real human attempting to access my website?” and get the answer without any false positives and without interrupting the user experience in any way. A reverse proxy enables the incorporation of a multitude techniques, such as turing tests (e.g., CAPTCHAs), while maintaining control and offering a variety of methods to manage bot traffic once detected. Below is an analysis of the single pixel approach versus  using Distil Networks as the exemplar reverse proxy vendor.

Pixel vs. Reverse Proxy

Overview of pixel with ad approach

The pixel with ad approach uses the same methodology to target prospective customers to now target, or capture signals, from prospective bad bots. The most popular fraud signals in advertising and ad networks rely on the use of a single pixel in an ad call that “fires” JavaScript when the ad loads in the browser. The GET from the pixel in the ad call sets up a JavaScript that executes one time. The JavaScript posts data back to the pixel provider and then the fraud probability is calculated based on an analysis of the IP reputation, a crude “fingerprint” ( = user agent + IP address), and patterns of requests from the paired user agent and IP address.  The decision about what is labeled fraud relies on JavaScript executing, IP reputation, and an analysis of traffic patterns. Fraud signals are then provided to the ad network and the advertiser.

Overview of Distil Networks reverse proxy approach

Distil sits inline with web traffic on a publisher site or advertiser’s landing page and inspects each http request in real time, determines if it’s a bot or not, then passes the request to origin. Distil analyzes 40+ criterion from each client request then builds a fingerprint unique to the browser making the connection. Fingerprints are “sticky” to the bot even if it attempts to reconnect from random IP addresses or hide behind an anonymous proxy. Distil interrogates the browser to ensure the browser is indeed who it claims to be. Challenges to the browser are inserted and the responses reviewed dynamically to prevent pre-emptive spoofing.

Distil uses behavioral analytics and machine learning to minimize false positives and optimize protection for each domain. Being inline, Distil can periodically intercept suspicious traffic that does not fit with the site’s unique traffic patterns and challenge it with a hardened turing tests, and then feed the response data back into its machine learning algorithms. Distil gathers attack information across customers and distributes it back out to all Distil-protected sites.

Key differences between single pixel with ad approach and Distil Networks’ reverse proxy

The heritage of the single pixel with adtech translates into strong end-user fraud reporting and auditing capabilities. However, in analyzing Distil Networks’ technology, three key advantages rose to the fore.

  • Accurate.  Multiple injections with a reverse proxy service provides a more accurate and detailed fingerprint versus a single JavaScript injection.  A single pixel placed in creative executes one GET, so it can’t interactively inspect the client’s browser and hardware. Using Distil’s service with JavaScript tests, there are many injections and these are randomized across the page ensuring an unpredictable experience for the bad guys and their bots.

  • Proactive. A pixel is a reactive signal while Distil is a proactive mechanism. A pixel will signal a suspicious request and provides advanced reporting which can be used to audit an advertising program or adjust ad rates after the fact. Distil’s reverse proxy takes action on the fraudsters before a page loads. This approach has other advantages in that it protects against random spikes in bot traffic, skewed analytics, and other online threats such as web scraping, spam, transaction fraud, and brute force attacks.

  • Domain Specific.  The single pixel approach relies on data across a vast network of sites yet there is little or no domain-specific behavioral modeling or heuristics based on requested URLs, click path, or speed of navigation. Distil leverages domain-specific human behavior and machine learning to identify dangerous anomalies. This is not possible with a single pixel firing from creative.

The bottom line

Digital publishers may benefit by using a layered approach to stopping digital ad fraud in which they combine the pixel in ad approach with a reverse proxy service like Distil Networks.

About the Author

Charlie Minesinger

Charlie Minesinger is the Director of Sales at Distil Networks focused on strategic accounts and channels. Charlie has over a decade of experience selling into enterprises and brand accounts, including Sprint, Disney, Nortel, Amazon, Cisco, AIG, Mattel. Charlie brings with him experience in start-ups and selling into new markets.

Follow on Twitter More Content by Charlie Minesinger
Previous Article
Understanding Bot Motives with Top Targeted Content Reporting
Understanding Bot Motives with Top Targeted Content Reporting

Understand the motives behind bot attacks. Get a summary of top content targeted by bots. Don’t sift throug...

Next Article
The Four Technology Approaches to Combatting Digital Ad Fraud
The Four Technology Approaches to Combatting Digital Ad Fraud

Compare the four technology approaches for digital ad fraud solutions: on-page, in-ad exchange, challenge b...