使用者:Hello World I'm Dad

^[1]

Main article: Pay-per-click

PPC advertising is an arrangement in which webmasters (operators of websites), acting as publishers, display clickable links from advertisers in exchange for a charge per click. As this industry evolved, a number of advertising networks developed, which acted as middlemen between these two groups (publishers and advertisers). Each time a (believed to be) valid Web user clicks on an ad, the advertiser pays the advertising network, which in turn pays the publisher a share of this money. This revenue-sharing system is seen as an incentive for click fraud.

The largest of the advertising networks, Google's AdWords/AdSense and Yahoo! Search Marketing, act in a dual role, since they are also publishers themselves (on their search engines).^[2] According to critics, this complex relationship may create a conflict of interest. This is because these companies lose money to undetected click fraud when paying out to the publisher but make more money when collecting fees from the advertiser. Because of the spread between what they collect and pay out, unfettered click fraud would create short-term profits for these companies.^{[citation needed]}

除了平台主個人的點擊欺詐案件之外，許多大規模點擊欺詐也正在發生。^[2]想從事大規模點擊欺詐的人通常會使用模擬人類行為的自動程式去點擊網頁上的廣告^[3]，然而這些點擊看起來都像是來自同一個人、少量的電腦或是同一個地區，對於廣告主和廣告網路來說會十分可疑，若想從事大規模點擊欺詐，只有一台電腦的話會很容易被發現。

一種規避透過IP特徵偵測點擊欺詐的機制的方法是將現有的用戶流量轉換成點擊和曝光（impression）。^[4]欺詐者可以透過放置十分微小且一直重新載入的廣告以達到對用戶偽裝的效果，並且和廣告主保證所謂的「網頁爬蟲」瀏覽的都是正常的網頁，而呈給用戶點擊欺詐用的網頁。

細小廣告以及其他利用用戶的技術還能與透過獎勵製造的流量併用，像是「有償閱讀」（Paid to Read）網站的會員在瀏覽網站或點擊關鍵字的時候能得到少量的錢，^[5]而有些有償閱讀網站的管理者也是每點擊付費的會員，他們可能會給經常搜尋的人寄特別多的廣告郵件，因為關鍵字的每點擊付費常常是網站的唯一收入。這被稱為強迫搜尋，是一個在線上有償購買用戶行為的產業中不被贊同的行為。

組織性的點擊欺詐可以透過使用非常多的電腦組成犯罪網路從而 使虛假流量的來源顯示在許多位置。由於自動程式仍然無法完全模擬用戶行為，點擊欺詐網路可能會透過感染他人組成殭屍網路或是域名伺服器快取汙染等方法使得一般用戶在不知情的情況下為他們製造收入。廣告主、廣告網路以及警察將會十分難以追查散布在各個國家的點擊欺詐網路。

曝光數欺詐是被用於拉低對手的廣告排序，當競爭對手的廣告點擊率過低的時候，他們就有可能受到懲罰，廣告可能會遭到替換，使得出價較低的廣告得以被換上。^[6]

^[7][8][9]

Click fraud can be as simple as one person starting a small Web site, becoming a publisher of ads, and clicking on those ads to generate revenue. Often the number of clicks and their value is so small that the fraud goes undetected. Publishers may claim that small amounts of such clicking is an accident, which is often the case.^{[citation needed]}

Much larger-scale fraud also occurs.^[3] Those engaged in large-scale fraud will often run scripts which simulate a human clicking on ads in Web pages.^[4] However, huge numbers of clicks appearing to come from just one, or a small number of computers, or a single geographic area, look highly suspicious to the advertising network and advertisers. Clicks coming from a computer known to be that of a publisher also look suspicious to those watching for click fraud. A person attempting large-scale fraud, from one computer, stands a good chance of being caught.

One type of fraud that circumvents detection based on IP patterns uses existing user traffic, turning this into clicks or impressions.^[5] Such an attack can be camouflaged from users by using 0-size iframes to display advertisements that are programmatically retrieved using JavaScript. It could also be camouflaged from advertisers and portals by ensuring that so-called "reverse spiders" are presented with a legitimate page, while human visitors are presented with a page that commits click fraud. The use of 0-size iframes and other techniques involving human visitors may also be combined with the use of incentivized traffic, where members of "Paid to Read" (PTR) sites are paid small amounts of money (often a fraction of a cent) to visit a website and/or click on keywords and search results, sometimes hundreds or thousands of times every day^[6] Some owners of PTR sites are members of PPC engines and may send many email ads to users who do search, while sending few ads to those who do not. They do this mainly because the charge per click on search results is often the only source of revenue to the site. This is known as forced searching, a practice that is frowned upon in the Get Paid To industry.

Organized crime can handle this by having many computers with their own Internet connections in different geographic locations. Often, scripts fail to mimic true human behavior, so organized crime networks use Trojan code to turn the average person's machines into zombie computers and use sporadic redirects or DNS cache poisoning to turn the oblivious user's actions into actions generating revenue for the scammer. It can be difficult for advertisers, advertising networks, and authorities to pursue cases against networks of people spread around multiple countries.

Impression fraud is when falsely generated ad impressions affect an advertiser's account. In the case of click-through rate based auction models, the advertiser may be penalized for having an unacceptably low click-through for a given keyword. This involves making numerous searches for a keyword without clicking of the ad. Such ads are disabled^[7] automatically, enabling a competitor's lower-bid ad for the same keyword to continue, while several high bidders (on the first page of the search results) have been eliminated.

A hit inflation attack is a kind of fraudulent method used by some advertisement publishers to earn unjustified revenue on the traffic they drive to the advertisers』 Web sites. It is more sophisticated and harder to detect than a simple inflation attack.

This process involves the collaboration of two counterparts, a dishonest publisher, P, and a dishonest Web site, S. Web pages on S contain a script that redirects the customer to P's Web site, and this process is hidden from the customer. So, when user U retrieves a page on S, it would simulate a click or request to a page on P's site. P's site has two kinds of webpages: a manipulated version, and an original version. The manipulated version simulates a click or request to the advertisement, causing P to be credited for the click-through. P selectively determines whether to load the manipulated (and thus fraudulent) script to U's browser by checking if it was from S. This can be done through the Referrer field, which specifies the site from which the link to P was obtained. All requests from S will be loaded with the manipulated script, and thus the automatic and hidden request will be sent.^[8]

This attack will silently convert every innocent visit to S to a click on the advertisement on P's page. Even worse, P can be in collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers. If the advertisement commissioner visits the Web site of P, the non-fraudulent page will be displayed, and thus P cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exists, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible.^[8]

Another proposed method for detection of this type of fraud is through use of association rules.^[9]

影響一個網頁在有機搜尋中的排名的一個重要因素就是點擊率，計算方法是將點擊數除以曝光數，或者說將一個搜尋結果被點擊的次數除以搜尋結果被展示的次數。

和每點擊付費欺詐相反，當你的競爭對手正在購買殭屍網路服務或是低價勞力以產生虛假點擊時，點擊率欺詐的目的就是將競爭對手的點擊率降低，從而不斷地降低他們的網站在搜尋引擎最佳化中的排名。

更壞的點擊率欺詐者或許還會在削弱對手的同時提升自己網站的排名，或是他的政治立場等。我們對於這個問題上演的規模還不清楚，但很明顯有許多網站開發者都很在意網站在分析工具上的指標。

One major factor that affects the ranking of websites in organic search results is the CTR (Click-through Rate). That is the ratio of clicks to impressions, or in other words how many times a search result is clicked on, as compared to the number of times the listing appears in search results.

In contrast to PPC fraud, where a competitor leverages the services of a botnet, or low cost labour, to generate false clicks, in this case the objective is to beggar thy competitor by making their CTR rate as low as possible, thereby diminishing their ranking factor (position from the top of search results).

Bad actors will therefore generate false clicks on organic search results that they wish to promote, while avoiding search results they wish to demote. This technique can effectively create a cartel of business services controlled by the same bad actor, or be used to promote a certain political opinion etc. The scale of this issue is unknown, but is certainly evident to many website developers who pay close attention to the statistics in webmaster tools.

^{[10][11][12][13][14][15][16][17][18][19][20][21]}

• Disputes over the issue have resulted in a number of lawsuits. In one case, Google (acting as both an advertiser and advertising network) won a lawsuit against a Texas company called Auction Experts (acting as a publisher), which Google accused of paying people to click on ads that appeared on Auction Experts' site, costing advertisers $50,000.^[10] Despite networks' efforts to stop it, publishers are suspicious of the motives of the advertising networks, because the advertising network receives money for each click, even if it is fraudulent.
• In July 2005, Yahoo settled a class-action lawsuit against it by plaintiffs alleging it did not do enough to prevent click fraud. Yahoo paid $4.5 million in legal bills for the plaintiffs and agreed to settle advertiser claims dating back to 2004^[11] In July 2006, Google settled a similar suit for $90 million.^[12][13]
• On March 8, 2006, Google agreed to a $90 million settlement fund in the class-action lawsuit filed by Lane's Gifts & Collectibles.^[14] The class-action lawsuit was filed in Miller County, Arkansas, by Dallas attorneys Steve Malouf, Joel Fineberg, and Dean Gresham.^[15] The expert witness for the Plaintiffs in the case was Jessie Stricchiola, an internet search expert who first identified instances of PPC fraud in 2001.^[16]

In 2004, California resident Michael Anthony Bradley created Google Clique, a software program that he claimed could let spammers defraud Google out of millions of dollars in fraudulent clicks, which ultimately led to his arrest and indictment.^[17]

Bradley used technology that he created for his other companies that took him five years to develop. Using this technology, he was able to demonstrate that fraud was possible, and was impossible for Google to detect.

Bradley notified Google of this security flaw, and was willing to work with them to close up some of these holes. However, Bradley was offered $500,000 for his software and technology by some of the world's top spammers. With this information, Bradley thought he could put a price of $100,000 on his technology, and offered to sell Google all rights to his technology, and they could make the Internet a better and safer place.

When Bradley showed up to Google's offices, he demonstrated the software for them, and when they asked what he wanted, he had stated that he would consult for free if they wanted to purchase the rights to his technology. He explained the prior offer of $500,000 and said he knew he could get it, but would settle for $100,000 if they wanted to work together.

Bradley returned to Google's offices and was met by United States Secret Service officers who were undercover. They kept asking him what he wanted, and they even pushed a check for $100,000 to him. Bradley stated that this felt like blackmail and was not comfortable with this, and pushed the money away. Just then the Secret Service came in and arrested him.

Authorities said he was arrested while trying to extort $100,000 from Google in exchange for handing over the program.^[18]

Charges were dropped without explanation on November 22, 2006; both the US Attorney's office and Google declined to comment. Business Week suggests that Google was unwilling to cooperate with the prosecution, as it would be forced to disclose its click fraud detection techniques publicly.^[19]

On June 18, 2016, Fabio Gasperini, an Italian citizen, was extradited to the United States on click fraud charges.^[20] An indictment charged Gasperini with:

• two counts of computer intrusion
• one count of wire fraud
• one count of wire fraud conspiracy
• and one count of money laundering

According to the U.S. government, Gasperini set up and operated a botnet of over 140,000 computers around the world. This was the first click fraud trial in the United States. If convicted of all counts, Gasperini risked up to 70 years in jail.

Simone Bertollini, an Italian-American lawyer, represented Gasperini at trial. On August 9, 2017 a jury acquitted Gasperini of all the felony charges of the indictment. Gasperini was convicted of one misdemeanor count of obtaining information without a financial gain. Gasperini was sentenced to the statutory maximum of one year imprisonment, a $100,000 fine, and one year of supervised release following incarceration. Shortly after he was credited with time served and sent back to Italy. An appeal is currently pending.^[21]

^[22][23][24]

Proving click fraud can be very difficult, since it is hard to know who is behind a computer and what their intentions are. When it comes to mobile ad fraud detection, data analysis can give some reliable indications. It is important to understand that abnormal metrics can hint at the presence of different types of frauds. To detect click fraud in ad campaign, advertisers can focus on the following attribution points:

• IP Address: As bots run similar scripts from the same server, any click fraud on mobile ads will indicate a high density of clicks coming from the same IP address or a range of similar IP addresses. Advertisers can also run check on IP addresses to verify their history with another fraud.
• Click Timestamp: Click timestamp maintains the time at which the click is made on the ad. The bot-based click fraud runs repeatedly to attempt clicking on the ads, which increases click frequency for that duration. A high range of clicks with almost similar timestamp points at the possibility of click fraud. A low duration and high frequency mean a high probability of fraud.
• Action Timestamp: Action timestamp is the time at which the user takes action on (or engages with) the app or website. With a bot-based click attack, there can be a similarity with action timestamp. As bot clicks on the advertisement and then performs the action on app or website without any delay, the advertiser can notice a low or almost no action timestamp.

Often the best an advertising network can do is to identify which clicks are most likely fraudulent and not charge the account of the advertiser. Even more sophisticated means of detection are used,^[22] but none are foolproof.

The Tuzhilin Report^[23] produced as part of a click fraud lawsuit settlement, has a detailed and comprehensive discussion of these issues. In particular, it defines "the Fundamental Problem of invalid (fraudulent) clicks":

• "There is no conceptual definition of invalid clicks that can be operationalized [except for certain obviously clear cases]."
• "An operational definition cannot be fully disclosed to the general public because of the concerns that unethical users will take advantage of it, which may lead to a massive click fraud. However, if it is not disclosed, advertisers cannot verify or even dispute why they have been charged for certain clicks."

The PPC industry is lobbying for tighter laws on the issue. Many hope to have laws that will cover those not bound by contracts.

A number of companies are developing viable solutions for click fraud identification and are developing intermediary relationships with advertising networks. Such solutions fall into two categories:

1. Forensic analysis of advertisers' web server log files.This analysis of the advertiser's web server data requires an in-depth look at the source and behavior of the traffic. As industry standard log files are used for the analysis, the data is verifiable by advertising networks. The problem with this approach is that it relies on the honesty of the middlemen in identifying fraud.
2. Third-party corroboration.Third parties offer web-based solutions that might involve placement of single-pixel images or Javascript on the advertiser's web pages and suitable tagging of the ads. The visitor may be presented with a cookie. Visitor information is then collected in a third-party data store and made available for download. The better offerings make it easy to highlight suspicious clicks, and they show the reasons for such a conclusion. Since an advertiser's log files can be tampered with, their accompaniment with corroborating data from a third party forms a more convincing body of evidence to present to the advertising network. However, the problem with third-party solutions is that such solutions see only part of the traffic of the entire network. Hence, they can be less likely to identify patterns that span several advertisers. In addition, due to the limited amount of traffic they receive when compared to middlemen, they can be overly or less aggressive when judging traffic to be fraud.

In a 2007 interview in Forbes, Google click fraud czar Shuman Ghosemajumder said that one of the key challenges in click fraud detection by third-parties was access to data beyond clicks, notably, ad impression data.^[24]

Click fraud is less likely in cost per action models.

^[25][26]

The fact that the middlemen (search engines) have the upper hand in the operational definition of invalid clicks is the reason for the conflict of interest between advertisers and the middlemen, as described above. This is manifested in the Tuzhilin Report^[23] as described above. The Tuzhilin report did not publicly define invalid clicks and did not describe the operational definitions in detail. Rather, it gave a high-level picture of the fraud-detection system and argued that the operational definition of the search engine under investigations is "reasonable". One aim of the report was to preserve the privacy of the fraud-detection system in order to maintain its effectiveness. This prompted some researchers to conduct public research on how the middlemen can fight click fraud.^[25] Since such research is presumably not tainted by market forces, there is hope that this research can be adopted to assess how rigorous a middleman is in detecting click fraud in future law cases. The fear that this research can expose the internal fraud-detection system of middlemen still applies. An example of such research is that done by Metwally, Agrawal and El Abbadi at UCSB. Other work by Majumdar, Kulkarni, and Ravishankar at UC Riverside proposes protocols for the identification of fraudulent behavior by brokers and other intermediaries in content-delivery networks.

There are different kinds of heat maps:

• Biology heat maps are typically used in molecular biology to represent the level of expression of many genes across a number of comparable samples (e.g. cells in different states, samples from different patients) as they are obtained from DNA microarrays.
• The tree map is a 2D hierarchical partitioning of data that visually resembles a heat map.
• A mosaic plot is a tiled heat map for representing a two-way or higher-way table of data. As with treemaps, the rectangular regions in a mosaic plot are hierarchically organized. The means that the regions are rectangles instead of squares. Friendly (1994) surveys the history and usage of this graph.
• A density function visualization is a heat map for representing the density of dots in a map. It enables one to perceive density of points independently of the zoom factor. Perrot et al (2015) proposed a way to use density function to visualize billions and billions of dots using big data infrastructure with Spark and Hadoop.^[28]

Many different color schemes can be used to illustrate the heat map, with perceptual advantages and disadvantages for each. Rainbow color maps are often used, as humans can perceive more shades of color than they can of gray, and this would purportedly increase the amount of detail perceivable in the image. However, this is discouraged by many in the scientific community, for the following reasons:^{[29][30][31][32][33]}

• The colors lack the natural perceptual ordering found in grayscale or blackbody spectrum colormaps.^[29]
• Common colormaps (like the "jet" colormap used as the default in many visualization software packages) have uncontrolled changes in luminance that prevent meaningful conversion to grayscale for display or printing. This also distracts from the actual data, arbitrarily making yellow and cyan regions appear more prominent than the regions of the data that are actually most important.^[29]
• The changes between colors also lead to perception of gradients that aren't actually present, making actual gradients less prominent, meaning that rainbow colormaps can actually obscure detail in many cases rather than enhancing it.^[29][33]

Choropleth maps are sometimes incorrectly referred to as heat maps. A choropleth map features different shading or patterns within geographic boundaries to show the proportion of a variable of interest, whereas the coloration a heat map (in a map context) does not correspond to geographic boundaries.^[34]

Several heat map software implementations are freely available:

• R, a free software environment for statistical computing and graphics, contains several functions to trace heat maps^[35][36], including interactive cluster heat maps ^[37] (via the heatmaply R package).
• Gnuplot, a universal and free command-line plotting program, can trace 2D and 3D heat maps^[38]
• Google Fusion Tables can generate a heat map from a Google Sheets spreadsheet limited to 1000 points of geographic data.^[39]
• Dave Green's 'cubehelix' colour scheme provides resources for a colour scheme that prints as a monotonically increasing greyscale on black and white postscript devices^[40]
• Openlayers3 can render a heat map layer of a selected property of all geographic features in a vector layer.^[41]
• Highcharts, a JavaScript charting library, provides the ability create heat maps as a part of its solution.^[42]

• 
  Lake effect snow – weather radar information is usually shown using a heat map.
• 
  Human voice visualized with a spectrogram; a heat map representing the magnitude of the STFT. An alternative visualization is the waterfall plot.
• 
  Example showing the relationships between a heat map, surface plot, and contour lines of the same data
• 
  Combination of surface plot and heat map, where the surface height represents the amplitude of the function, and the color represents the phase angle.
• 
  Score of each contiguous region of a dartboard (not to scale)