-
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
Cookie stuffing is an activity which allows unscrupulous actors online to defraud affiliate marketing programs by causing themselves to receive credit for purchases made by web users, even if the affiliate marketer did not actively perform any marketing for the affiliate program. Using two months of HTTP request logs from a large public university, we present an empirical study of fraud in affiliate marketing programs. First, we develop an efficient, decision-tree based technique for detecting cookie-stuffing in HTTP request logs. Our technique replicates domain-informed human labeling of the same data with 93.3% accuracy. Second, we find that over one-third of publishers in affiliate marketing programs use fraudulent cookie-stuffing techniques in an attempt to claim credit from online retailers for illicit referrals. However, most realized conversions are credited to honest publishers. Finally, we present a stake holder analysis of affiliate marketing fraud and find that the costs and rewards of affiliate marketing program are spread across all parties involved in affiliate marketing programs.
-
The Enterprise's New Clothes: Fashionable IR Techniques
Title: The Enterprise's New Clothes: Fashionable IR Techniques Abstract: When advanced attackers decide to target an organization's digital assets, they don't limit the scope of the compromise to make things easier for investigators later on. With potentially thousands of systems in an enterprise environment affected by a compromise, it is neither feasible nor desirable to perform dead disk forensics on every system that an attacker has accessed. During this presentation, Jay Taylor (Mandiant, IASE 2013) and James Espinosa (Mandiant, IASE 2013) will discuss the mindset and techniques that incident response professionals leverage to efficiently scale their investigations across modern enterprise environments.