DISCOVERY OF RANKING FRAUD FOR MOBILE APPS

DISCOVERY OF RANKING FRAUD FOR MOBILE APPS

Abstract—Ranking fraud in the mobile App market refers to fraudulent or deceptive activities which have a purpose of bumping up the Apps in the popularity list. Indeed, it becomes more and more frequent for App developers to use shady means, such as inflating their Apps’ sales or posting phony App ratings, to commit ranking fraud. While the importance of preventing ranking fraud has been widely recognized, there is limited understanding and research in this area. To this end, in this paper, we provide a holistic view of ranking fraud and propose a ranking fraud detection system for mobile Apps. Specifically, we first propose to accurately locate the ranking fraud by mining the active periods, namely leading sessions, of mobile Apps. Such leading sessions can be leveraged for detecting the local anomaly instead of global anomaly of App rankings. Furthermore, we investigate three types of evidences, i.e., ranking based evidences, rating based evidences and review based evidences, by modeling Apps’ ranking, rating and review behaviors through statistical hypotheses tests. In addition, we propose an optimization based aggregation method to integrate all the evidences for fraud detection. Finally, we evaluate the proposed system with real-world App data collected from the iOS App Store for a long time period. In the experiments, we validate the effectiveness of the proposed system, and show the scalability of the detection algorithm as well as some regularity of ranking fraud activities.

EXISTING SYSTEM

Generally speaking, the related works of this study can be grouped into three categories. The first category is about web ranking spam detection. Specifically, the web ranking spam refers to any deliberate actions which bring to selected webpages an unjustifiable favorable relevance or importance. For example, Ntoulas et al.   have studied various aspects of content-based spam on the web and presented a number of heuristic methods for detecting content based spam. Zhou et al.  have studied the problem of unsupervised web ranking spam detection. Specifically, they proposed an efficient online link spam and term spam detection methods using spamicity. Recently, Spirin and Han  have reported a survey on web spam detection, which comprehensively introduces the principles and algorithms in the literature. Indeed, the work of web ranking spam detection is mainly based on the analysis of ranking principles of search engines, such as PageRank and query term frequency. This is different from ranking fraud detection for mobile Apps. The second category is focused on detecting online review spam. For example, Lim et al] have identified several representative behaviors of review spammers and model these behaviors to detect the spammers. Wu et al.  have studied the problem of detecting hybrid shilling attacks on rating data. The proposed approach is based on the semisupervised learning and can be used for trustworthy product recommendation. Xie et al. have studied the problem of singleton review spam detection. Specifically, they solved this problem by detecting the co-anomaly patterns in multiple review based time series. Although some of above approaches can be used for anomaly detection from historical rating and review records, they are not able to extract fraud evidences for a given time period (i.e., leading session). Finally, the third category includes the studies on mobile App recommendation. For example, Yan and Chen developed a mobile App recommender system, named Appjoy, which is based on user’s App usage records to build a preference matrix instead of using explicit user ratings. Also, to solve the sparsity problem of App usage records, Shi and Ali studied several recommendation models and proposed a content based collaborative filtering model, named Eigenapp, for recommending Apps in their website Getjar. In addition, some researchers studied the problem of exploiting enriched contextual information for mobile App recommendation. For example, Zhu et al. proposed a uniform framework for personalized context-aware recommendation, which can integrate both context independency and dependency assumptions. However, to the best of our knowledge, none of previous works has studied the problem of ranking fraud detection for mobile Apps.

PROPOSED SYSTEM:

First, the download information is an important signature for detecting ranking fraud, since ranking manipulation is to use so-called “bot farms” or “human water armies” to inflate the App downloads and ratings in a very short time. However, the instant download information of each mobile App is often not available for analysis. In fact, Apple and Google do not provide accurate download information on any App. Furthermore, the App developers themselves are also reluctant to release their download information for various reasons. Therefore, in this paper, we mainly focus on extracting evidences from Apps’ historical ranking, rating and review records for ranking fraud detection. However, our approach is scalable for integrating other evidences if available, such as the evidences based on the download information and App developers’ reputation. Second, the proposed approach can detect ranking fraud happened in Apps’ historical leading sessions. However, sometime, we need to detect such ranking fraud from Apps’ current ranking observations. Actually, given the current ranking ra now of an App a, we can detect ranking fraud for it in two different cases. First, if ra now > K_, where K_ is the ranking threshold introduced in Definition 1, we believe a does not involve in ranking fraud, since it is not in a leading event. Second, if ra now < K_, which means a is in a new leading event e, we treat this case as a special case that Te end ¼ te now and u2 ¼ 0. Therefore, such real-time ranking frauds also can be detected by the proposed approach.

Module 1

Leading events

Definition 1 (Leading Event). Given a ranking threshold K e¼½testart;teend_ and corresponding rankings of a, which satisfies Ra start _ K _ a start_1 <r , and r a end _ K _ <r a endþ1 . Moreover, 8t k 2ðt e start ;t e end Þ, we have r a k .  Note that we apply a  ranking threshold K _ K _ _ which is usually smaller than K here because K may be very big (e.g., more than 1,000), and the ranking records beyond K _ (e.g., 300) are not very useful for detecting the ranking manipulations. Furthermore, we also find that some Apps have several adjacent leading events which are close to each other and form a leading session. For example, Fig. 2b shows an example of adjacent leading events of a given mobile App, which form two leading sessions. Particularly, a leading event which does not have other nearby neighbors can also be treated as a special leading session.

Module 2

Leading Sessions

A leading session s of App a contains a time range T s ¼½t s start ;t s end _ and n adjacent leading events fe 1 ; ...;e n g, which satisfies t and there is no other leading session s s start _ ¼ t e 1 start  , t that makes T _ . Meanwhile, 8i  ½1;nÞ, we have ðt e iþ1 start _ t e I end s end s I ¼ t _ _ T Þ < f, where f is a predefined time threshold for merging leading events. Intuitively, the leading sessions of a mobile App represent its periods of popularity, so the ranking manipulation will only take place in these leading sessions. Therefore, the problem of detecting ranking fraud is to detect fraudulent leading sessions. Along this line, the first task is how to mine the leading sessions of a mobile App from its historical ranking records.

Module 3

Identifying the Leading Sessions for Mobile APPs

There are two main steps for mining leading sessions. First, we need to discover leading events from the App’s historical ranking records. Second, we need to merge adjacent leading events for constructing leading sessions. Specifically, Algorithm  demonstrates the pseudo code of mining leading sessions for a given App  In Algorithm , we denote each leading event e and session s as tuples <t e start ;t e end > and <t s start > respectively, where E is the set of leading events in session s. Specifically, we first extract individual leading event e for the given App a (i.e., Step 2 to 7) from the beginning time. For each extracted individual leading event e,we check the time span between e and the current leading session s to decide whether they belong to the same leading session based on Definition 2. Particularly, if ðt s e start ;t _ t Þ < f, will be considered as a new leading session (i.e., Step 8 to 16). Thus, this algorithm can identify leading events and ses- sions by scanning a’s historical ranking records only once. S end s end ;E s

CONCLUDING REMARKS

In this paper, we developed a ranking fraud detection system for mobile Apps. Specifically, we first showed that ranking fraud happened in leading sessions and provided a method for mining leading sessions for each App from its

historical ranking records. Then, we identified ranking based evidences, rating based evidences and review based evidences for detecting ranking fraud. Moreover, we proposed an optimization based aggregation method to integrate all the evidences for evaluating the credibility of leading sessions from mobile Apps. An unique perspective of this approach is that all the evidences can be modeled by statistical hypothesis tests, thus it is easy to be extended with other evidences from domain knowledge to detect ranking fraud. Finally, we validate the proposed system with extensive experiments on real-world App data collected from the Apple’s App store. Experimental results showed the effectiveness of the proposed approach. In the future, we plan to study more effective fraud evidences and analyze the latent relationship among rating, review and rankings. Moreover, we will extend our ranking fraud detection approach with other mobile App related services, such as mobile Apps recommendation, for enhancing user experience.

REFERENCES

[1] (2014). [Online]. Available:   cohen’s_kappa

[2] (2014). [Online]. Available: http://en.wikipedia.org/wiki/ information_retrieval

[3] (2012). [Online]. Available: https://developer.apple.com/news/ index.php?id=02062012a

[4] (2012). [Online]. Available: http://venturebeat.com/2012/07/03/ apples-crackdown-on-app-ranking-manipulation/

[5] (2012). [Online]. Available: http://www.ibtimes.com/applethreatens- crackdown-biggest-app-store-ranking-fra ud-406764

[6] (2012). [Online]. Available: http://www.lextek.com/manuals/ onix/index.html

[7] (2012). [Online]. Available: http://www.ling.gu.se/lager/ mogul/porter-stemmer.

[8] L. Azzopardi, M. Girolami, and K. V. Risjbergen, “Investigating the relationship between language model perplexity and ir precision- recall measures,” in Proc. 26th Int. Conf. Res. Develop. Inform. Retrieval, 2003, pp. 369–370.

[9] D. M. Blei, A. Y. Ng, and M. I. Jordan, “Latent Dirichlet allocation,” J. Mach. Learn. Res., pp. 993–1022, 2003.

[10] Y. Ge, H. Xiong, C. Liu, and Z.-H. Zhou, “A taxi driving fraud detection system,” in Proc. IEEE 11th Int. Conf. Data Mining, 2011, pp. 181–190.

[11] D. F. Gleich and L.-h. Lim, “Rank aggregation via nuclear norm minimization,” in Proc. 17th ACM SIGKDD Int. Conf. Knowl. Discovery Data Mining, 2011, pp. 60–68.

[12] T. L. Griffiths and M. Steyvers, “Finding scientific topics,” Proc. Nat. Acad. Sci. USA, vol. 101, pp. 5228–5235, 2004. [13] G. Heinrich, Parameter estimation for text analysis, “ Univ. Leipzig, Leipzig, Germany, Tech. Rep., http://faculty.cs.byu.edu/~ringger/ CS601R/papers/Heinrich-GibbsLDA.pdf, 2008.

[14] N. Jindal and B. Liu, “Opinion spam and analysis,” in Proc. Int. Conf. Web Search Data Mining, 2008, pp. 219–230.

[15] J. Kivinen and M. K. Warmuth, “Additive versus exponentiated gradient updates for linear prediction,” in Proc. 27th Annu. ACM Symp. Theory Comput., 1995, pp. 209–218.