Systems, methods, and media for detecting suspicious activity
First Claim
1. A method for detecting suspicious activity from a plurality of websites, the method comprising:
- collecting, by a server that includes a hardware processor, advertisement impression information associated with a plurality of pages corresponding to a plurality of domains from one or more advertising devices;
calculating, by the hardware processor, from the collected advertisement impression information, a never-in-view statistic for each of the plurality of pages, wherein the never-in-view statistic for each of the plurality of pages corresponds to a likelihood that an advertisement displayed on a page was never within a viewable area of a browser window rendered by a browser application;
aggregating, by the hardware processor, the never-in-view statistic for the plurality of pages corresponding to a domain of the plurality of domains;
calculating, by the hardware processor, a domain-level never-in-view statistic in response to the aggregating;
classifying, by the hardware processor, the domain as a potentially suspicious domain based on the domain-level never-in-view statistic, wherein the domain is classified as being the potentially suspicious domain based on the domain-level never-in-view statistic being greater than a threshold value;
determining, by the hardware processor, additional domains from the plurality of domains having domain-level never-in-view statistics similar to the domain-level never-in-view statistic;
generating, by the hardware processor, a list of pages associated with the potentially suspicious domain and the determined additional domains; and
inhibiting, by the hardware processor, inventory associated with the potentially suspicious domain and the determined additional domains from being purchased via a real-time bidding exchange.
6 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, and media for detecting suspicious activity in connection with advertisement impressions are provided. In some embodiments, the method includes: collecting advertisement impression information associated with a plurality of pages; determining, from the collected advertisement impression information, an indication of whether a browser application detected that an advertisement displayed on a webpage was viewable in a browser window; determining, from the collected advertisement impression information, a plurality of viewability statistics for each of the plurality of pages, wherein each viewability statistic indicates a likelihood of whether an advertisement displayed on a webpage was viewable in a browser window; comparing the plurality of viewability statistics with the indication from the browser application; determining a viewability score for the advertisement impression based on the comparison; and identifying the advertisement impression as likely to be suspicious based on the determined viewability score.
-
Citations
17 Claims
-
1. A method for detecting suspicious activity from a plurality of websites, the method comprising:
-
collecting, by a server that includes a hardware processor, advertisement impression information associated with a plurality of pages corresponding to a plurality of domains from one or more advertising devices; calculating, by the hardware processor, from the collected advertisement impression information, a never-in-view statistic for each of the plurality of pages, wherein the never-in-view statistic for each of the plurality of pages corresponds to a likelihood that an advertisement displayed on a page was never within a viewable area of a browser window rendered by a browser application; aggregating, by the hardware processor, the never-in-view statistic for the plurality of pages corresponding to a domain of the plurality of domains; calculating, by the hardware processor, a domain-level never-in-view statistic in response to the aggregating; classifying, by the hardware processor, the domain as a potentially suspicious domain based on the domain-level never-in-view statistic, wherein the domain is classified as being the potentially suspicious domain based on the domain-level never-in-view statistic being greater than a threshold value; determining, by the hardware processor, additional domains from the plurality of domains having domain-level never-in-view statistics similar to the domain-level never-in-view statistic; generating, by the hardware processor, a list of pages associated with the potentially suspicious domain and the determined additional domains; and inhibiting, by the hardware processor, inventory associated with the potentially suspicious domain and the determined additional domains from being purchased via a real-time bidding exchange. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for detecting suspicious activity from a plurality of websites, the system comprising:
-
a memory; and a hardware processor that, when executing computer-executable instructions stored in the memory; collects advertisement impression information associated with a plurality of pages corresponding to a plurality of domains from one or more advertising devices; calculates, from the collected advertisement impression information, a never-in-view statistic for each of the plurality of pages, wherein the never-in-view statistic for each of the plurality of pages corresponds to a likelihood that an advertisement displayed on a page was never within a viewable area of a browser window rendered by a browser application; aggregates the never-in-view statistic for the plurality of pages corresponding to a domain of the plurality of domains; calculates a domain-level never-in-view statistic in response to the aggregating; classifies the domain as a potentially suspicious domain based on the domain-level never-in-view statistic, wherein the domain is classified as being the potentially suspicious domain based on the domain-level never-in-view statistic being greater than a threshold value; determines additional domains from the plurality of domains having domain-level never-in-view statistics similar to the domain-level never-in-view statistic; generates a list of pages associated with the potentially suspicious domain and the determined additional domains; and inhibits inventory associated with the potentially suspicious domain and the determined additional domains from being purchased via a real-time bidding exchange. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for detecting suspicious activity from a plurality of websites, the method comprising:
-
collecting advertisement impression information associated with a plurality of pages corresponding to a plurality of domains from one or more advertising devices; calculating, from the collected advertisement impression information, a never-in-view statistic for each of the plurality of pages, wherein the never-in-view statistic for each of the plurality of pages corresponds to a likelihood that an advertisement displayed on a page was never within a viewable area of a browser window rendered by a browser application; aggregating the never-in-view statistic for the plurality of pages corresponding to a domain of the plurality of domains; calculating a domain-level never-in-view statistic in response to the aggregating; classifying the domain as a potentially suspicious domain based on the domain-level never-in-view statistic, wherein the domain is classified as being the potentially suspicious domain based on the domain-level never-in-view statistic being greater than a threshold value; determining additional domains from the plurality of domains having domain-level never-in-view statistics similar to the domain-level never-in-view statistic; generating a list of pages associated with the potentially suspicious domain and the determined additional domains; and inhibiting inventory associated with the potentially suspicious domain and the determined additional domains from being purchased via a real-time bidding exchange.
-
Specification