Although properly identifying “mixes” is difficult, there is one efficient protective measure, which is based on traffic clustering technology. This technology relies on an ML algorithm that isolates individual fraudulent clusters inside an indivisible bundle. Below is a review of “mixes” through a few short examples from the two app categories most popular and attractive to fraudsters: Games and e-Commerce.
1. A popular mobile MMORPG game.
A group of fraudsters disguised two types of fraud: smart bots and modified click spam. The idea was to program the smart bots with a quite short TTI. By doing so, the fraudsters produced an ordinary TTI distribution, similar to that of organic traffic, for this “smart bot - click spam” mix. In this situation, a developer without advanced anti-fraud protection would have considered such a bundle (sub-publisher) absolutely normal and of good quality. To add to the confusion, the mixed fraud was intentionally divided into many small bundles (sub-publishers). Each of these fraudulent clusters was successfully identified thanks to Scalarr's active use of Unsupervised Machine Learning (clustering models). As a result, the mobile game developer was able to see the fraudulent attack, reject the fake installs and save money on them.
2. An e-commerce shopping app.
Here fraudsters were trying to mix click injection fraud with non-fraudulent traffic. The premise of such an attack was that the “click injection - non-fraudulent traffic” mix makes the overall traffic look non-fraudulent. In this case, since we didn’t have fully labeled data sets for this kind of fraud, we took advantage of new data points from Google Play (such as referrer time, install time, etc.) for further traffic clustering. This approach allowed us to fully isolate individual fraudulent clusters inside the indivisible bundle and clearly recognize the fraudulent and the non-fraudulent traffic.
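
To make the idea of isolating clusters inside one bundle concrete, here is an added sketch (not Scalarr's model or code) that splits a single sub-publisher's installs with plain 2-means on the log of the click-to-install gap. The field names `click_ts` and `install_begin_ts`, the 10x separation threshold, and the premise that click-injected installs show a much shorter gap than genuine ones are all assumptions of this example.

```python
import math

def two_means_1d(values, iters=50):
    """Plain 2-means on scalars, seeded at min and max; returns (centers, labels)."""
    centers = [min(values), max(values)]
    labels = []
    for _ in range(iters):
        labels = [0 if abs(v - centers[0]) <= abs(v - centers[1]) else 1
                  for v in values]
        new = []
        for k in (0, 1):
            members = [v for v, lab in zip(values, labels) if lab == k]
            new.append(sum(members) / len(members) if members else centers[k])
        if new == centers:
            break
        centers = new
    return centers, labels

def isolate_clusters(installs, min_ratio=10.0):
    """Split one bundle on log10(click-to-install seconds).
    Returns (suspect_ids, other_ids). suspect_ids is empty unless the two
    cluster centers are at least min_ratio apart (assumed threshold)."""
    if not installs:
        return [], []
    # A click logged after install begin gives a negative gap; clamp to 1 s.
    feats = [math.log10(max(i["install_begin_ts"] - i["click_ts"], 1))
             for i in installs]
    centers, labels = two_means_1d(feats)
    if centers[1] - centers[0] < math.log10(min_ratio):
        return [], [i["id"] for i in installs]  # bundle looks homogeneous
    suspect = [i["id"] for i, lab in zip(installs, labels) if lab == 0]
    other = [i["id"] for i, lab in zip(installs, labels) if lab == 1]
    return suspect, other

# Constructed sample: one sub-publisher bundle, (id, click_ts, install_begin_ts).
ROWS = [("i01", 1000, 1060), ("i02", 1100, 1102), ("i03", 1200, 1295),
        ("i04", 1300, 1301), ("i05", 1400, 1640), ("i06", 1500, 1503),
        ("i07", 1600, 2210), ("i08", 1700, 1702), ("i09", 1800, 2700),
        ("i10", 1900, 1904)]
BUNDLE = [dict(id=r[0], click_ts=r[1], install_begin_ts=r[2]) for r in ROWS]

if __name__ == "__main__":
    print(isolate_clusters(BUNDLE))
```

Run per bundle rather than over all traffic at once, the split still surfaces the short-gap cluster when the mix has been spread across many small sub-publishers, and a bundle with no clear separation is returned unflagged.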