DOCSLIB.ORG

Framing Dependencies Introduced by Underground Commoditization

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Framing Dependencies Introduced by Underground Commoditization Kurt Thomas Danny Yuxing Huang† David Wang Elie Bursztein Chris Grier Thomas J. Holt∗ Christopher Kruegel§ Damon McCoy‡5◦ Stefan Savage† Giovanni Vigna§ Google †University of California, San Diego §University of California, Santa Barbara 5University of California, Berkeley ◦International Computer Science Institute ∗ Databricks ‡George Mason University Michigan State University Abstract Indeed, the combination of universal Internet connectivity Internet crime has become increasingly dependent on the un- and fragile homogeneous software systems provided fertile derground economy: a loose federation of specialists sell- ground for the development of large-scale host infections ing capabilities, services, and resources explicitly tailored with a centralized command and control infrastructure (c.f. to the abuse ecosystem. Through these emerging markets, the DDoS botnets of the early 2000s). However, the more modern criminal entrepreneurs piece together dozens of à significant evolution—taking place almost entirely in the last la carte components into entirely new criminal endeavors. decade—has been around the motivation and structure of From an abuse fighting perspective, criminal reliance on this these attacks. In particular, the rise of e-commerce, both black market introduces fragile dependencies that, if dis- monetized directly through sales and indirectly via advertis- rupted, undermine entire operations that as a composite ap- ing, engendered Internet-attached hosts with latent value that pear intractable to protect against. However, without a clear could then be monetized via abuse. The confluence of these framework for examining the costs and infrastructure behind two factors—the ease with which hosts could be compro- Internet crime, it becomes impossible to evaluate the effec- mised at scale and the fact that each such hosts could be mon- tiveness of novel intervention strategies. etized for profit—fueled a bloom in criminal entrepreneurship that underlies most threats we experience today online. In this paper, we survey a wealth of existing research in order to systematize the community’s understanding of the Starting with early partnerships between malware authors underground economy. In the process, we develop a taxon- and e-mail spammers (largely focused on the simple problem omy of profit centers and support centers for reasoning about of laundering MTA origin), miscreant innovators soon iden- the flow of capital (and thus dependencies) within the black tified a broad range of monetization strategies and associated market. Profit centers represent activities that transfer money technical needs. Through their actions, today we understand from victims and institutions into the underground. These that a compromised host can encapsulate a broad range of activities range from selling products to unwitting customers extractable value: both through its commodity technical re- (in the case of spamvertised products) to outright theft from sources (e.g., its bandwidth and IP address for sending spam, victims (in case of financial fraud). Support centers provide its CPU for mining crypto-currencies, its storage for hosting critical resources that other miscreants request to streamline content for some scam) and through its unique data resources abuse. These include exploit kits, compromised credentials, (e.g., account usernames and passwords entered, PageRank and even human services (e.g., manual CAPTCHA solvers) of site, credit card numbers, social network membership, and that have no credible non-criminal applications. We use this so on). framework to contextualize the latest intervention strategies Extracting all of this value can be complex and require a and their effectiveness. In the end, we champion a drastic range of specialized knowledge and capabilities. Indeed, it departure from solely focusing on protecting users and sys- would be challenging for any single actor to operate the myr- tems (tantamount to a fire fight) and argue security practi- iad components making up a modern scam. Instead, the emer- tioners must also strategically focus on disrupting frail under- gence of underground marketplaces has allowed individual ground relationships that underpin the entire for-profit abuse actors to specialize in particular capabilities, services, or re- ecosystem—including actors, infrastructure, and access to sources types—without needing to own the entire value chain. capital. Thus, a criminal entrepreneur today will use their own seed capital to purchase individual resources or capabilities à la 1 Introduction carte (e.g., compromised accounts, CAPTCHA solving, or malware) and combine them in new ways. It is this emer- Over the last two decades, attacks on computer systems gence of markets that is the final component of the modern have transitioned from rare incidents to ubiquitous events. abuse ecosystem and has served both to rapidly distribute new Part of this transformation has been driven by technology. 1 business models and to reduce costs through economies of profit. In the process, we capture the stratified roles and their scale. However, migration to this market introduces visible, inter dependencies into a taxonomy of underground organi- cost-sensitive dependencies that, if disrupted, undermine en- zation. These roles place an increased importance on open tire criminal profit-generating schemes that as a composite communication and self-policing between criminal commu- otherwise appear intractable to defeat. nities, the consequences of which open criminal activities to While individual elements of the abuse ecosystem have the research community at-large. been covered to various degrees in the academic literature, none captures the rich fabric of this underground economy 2.1 What is the Black Market? in its full breadth nor provides the context required to under- Computer-based crime and abuse has a long history, with stand the structure and inter-dependencies between individual well-documented cases of computer fraud dating back to the elements. It is this broader perspective that motivates our sur- 1970s.1 Personal computers provided a common substrate for vey paper. Indeed, it is our contention that a systematized would-be actors, giving birth to the first widespread viruses in understanding of underground relationships is critical to de- early 1980s, and the Internet provided a broad transmission veloping effective, long-lasting countermeasures. We cham- vector allowing the first network worms to emerge in the late pion that research and industry must make a drastic depar- 1980s. However, it is only in the 21st century that this activity ture from solely focusing on protecting users and systems morphed from the independent actions of a small number of (tantamount to a fire fight) and strategically pursue disrup- motivated individuals, to a burgeoning set of cooperative en- tions of the brittle dependencies that underpin the entire for- terprises, shared business models, stratified service offerings, profit abuse ecosystem—including actors, resources, and cap- and ever increasing degrees of specialization. ital flow. To this end, our paper makes four contributions: The core of this transformation is the emergence of a • Underground Structure. We define a framework for “black market” economy, built around for profit cybercrime, in which a large number of geographically distributed ac- structuring underground assets based on the role they 2 play in the monetization process: profit-creating activ- tors trade in data, knowledge and services [5, 6]. Absent such a structure, early miscreants needed to operate every ities (scams), cost centers (infrastructure services and 3 markets), and value realization (internal and external facet of their business. By contrast, the same scams today cash-out services). may involve a dozen different parties each responsible for some particular piece of the operation. This is possible be- • Classification. For most of the best-known scams, ser- cause a shared marketplace allows for economies of scale, vices, and capabilities, we explain how they have been and encourages specialization and competition (and hence ef- specialized, how they fit into our structure, the kinds of ficiency). We find evidence of this specialization within un- business models that they naturally express, and the de- derground forums that sell a la carte access to virtually ev- pendencies they produce. ery part of the criminal “value chain” including compromised hosts, fraudulent accounts, stolen credit cards, and even hu- • Interventions. We examine various techniques—both man laborers. Thus, it is possible for a criminal entrepreneur proposed and explored—for intervening in different to outsource these parts of their business and combine them parts of abuse markets with an eye for evaluating how in innovative ways to support new value creation strategies different actions impact miscreant profitability. (typically scams based on defrauding consumers, businesses • Standing Challenges. We stratify the breadth of method- or both). However, whether this commoditization has yet ologies thus far for studying cybercrime and identify key achieved wide-spread adoption within the criminal commu- challenges that will shape the field moving forward. nity remains an open research question. Commoditization directly influences the kinds of business Finally, pursuing research into the abuse ecosystem re- structures and labor agreements that drive recent cybercrime. quires a great
Recommended publications
  • IYIR for HTML

    IYIR for HTML

    INFOSEC UPDATE 2006 Student Workbook Norwich University June 19-20, 2006 M. E. Kabay, PhD, CISSP-ISSMP Assoc. Prof. Information Assurance Program Director, MSIA BSIA Division of Business Management Norwich University [email protected] Copyright © 2006 M. E. Kabay. All rights reserved. Page 1 INFOSEC UPDATE 2006 -- June 19-20, 2006 01 Introduction Category 01 Introduction 2006-06-12 Introduction M. E. Kabay, PhD, CISSP WELCOME Welcome to the 2005 edition of the Information Security Year in Review (IYIR) project. In 1993 and 1994, I was an adjunct professor in the Institute for Government Informatics Professionals in Ottawa, Canada under the aegis of the University of Ottawa. I taught a one-semester course introducting information security to government personnel and enjoyed the experience immensely. Many of the chapters of my 1996 textbook, _The NCSA Guide to Enterprise Security_ published by McGraw-Hill were field-tested by my students. In 1995, I was asked if I could run a seminar for graduates of my courses to bring them up to date on developments across the entire field of information security. Our course had twenty students and I so enjoyed it that I continued to develop the material and teach the course with the NCSA (National Computer Security Association; later called ICSA and then eventually renamed TruSecure Corporation and finally CyberTrust, its current name) all over the United States, Canada, Europe, Asia and the Caribbean. After a few years of working on this project, it became obvious that saving abstracts in a WordPerfect file was not going to cut it as an orderly method for organizing the increasing mass of information that I was encountering in my research.
  • GLOBAL CENSORSHIP Shifting Modes, Persisting Paradigms

    GLOBAL CENSORSHIP Shifting Modes, Persisting Paradigms

    ACCESS TO KNOWLEDGE RESEARCH GLOBAL CENSORSHIP Shifting Modes, Persisting Paradigms edited by Pranesh Prakash Nagla Rizk Carlos Affonso Souza GLOBAL CENSORSHIP Shifting Modes, Persisting Paradigms edited by Pranesh Pra ash Nag!a Ri" Car!os Affonso So$"a ACCESS %O KNO'LE(GE RESEARCH SERIES COPYRIGHT PAGE © 2015 Information Society Project, Yale Law School; Access to Knowle !e for "e#elo$ment %entre, American Uni#ersity, %airo; an Instituto de Technolo!ia & Socie a e do Rio+ (his wor, is $'-lishe s'-ject to a %reati#e %ommons Attri-'tion./on%ommercial 0%%.1Y./%2 3+0 In. ternational P'-lic Licence+ %o$yri!ht in each cha$ter of this -oo, -elon!s to its res$ecti#e a'thor0s2+ Yo' are enco'ra!e to re$ro 'ce, share, an a a$t this wor,, in whole or in part, incl' in! in the form of creat . in! translations, as lon! as yo' attri-'te the wor, an the a$$ro$riate a'thor0s2, or, if for the whole -oo,, the e itors+ Te4t of the licence is a#aila-le at <https677creati#ecommons+or!7licenses7-y.nc73+07le!alco e8+ 9or $ermission to $'-lish commercial #ersions of s'ch cha$ter on a stan .alone -asis, $lease contact the a'thor, or the Information Society Project at Yale Law School for assistance in contactin! the a'thor+ 9ront co#er ima!e6 :"oc'ments sei;e from the U+S+ <m-assy in (ehran=, a $'-lic omain wor, create by em$loyees of the Central Intelli!ence A!ency / em-assy of the &nite States of America in Tehran, de$ict.
  • Click Fraud,' Personal, Non-Commercial Use Only

    Click Fraud,' Personal, Non-Commercial Use Only

    April 6, 2005 PAGE ONE Traffic Jam DOW JONES REPRINTS This copy is for your In 'Click Fraud,' personal, non-commercial use only. To order presentation-ready copies Web Outfits Have for distribution to your colleagues, clients or customers, use the Order A Costly Problem Reprints tool at the bottom of any article or visit: www.djreprints.com. Marketers Worry About Bills Inflated by People Gaming • See a sample reprint in PDF format . The Search-Ad System • Order a reprint of this article now. Mr. McKelvey Turns Detective RELATED ARTICLE By KEVIN J. DELANEY • Internet Firms Face Legal Test on Staff Reporter of THE WALL STREET JOURNAL Advertising Fees3 April 6, 2005; Page A1 Nathan McKelvey began to worry about foul play when Yahoo Inc. refunded him $69.28 early last year. He grew more suspicious when a $16.91 refund arrived from Google Inc. The refunds were for "unusual clicks" and "invalid click activity" and they suggested someone was sabotaging Mr. McKelvey's advertising strategy. He pitches his charter-jet brokerage the way companies increasingly do: contracting with Yahoo and Google to serve up small text ads to anyone searching the Web using certain words, such as "private jet" or "air charter." He pays the search companies a fee every time someone clicks on his ads. But Yahoo and Google determined someone was clicking on CharterAuction.com Inc.'s ads with no intention of doing business, thus unfairly driving up the company's advertising costs. Mr. McKelvey, turning detective, combed through lists of "IP" addresses, the identifying codes supplied by computers when they access Web sites.
  • Clickjacking: Attacks and Defenses

    Clickjacking: Attacks and Defenses

    Clickjacking: Attacks and Defenses Lin-Shung Huang Alex Moshchuk Helen J. Wang Carnegie Mellon University Microsoft Research Microsoft Research [email protected] [email protected] [email protected] Stuart Schechter Collin Jackson Microsoft Research Carnegie Mellon University [email protected] [email protected] Abstract such as a “claim your free iPad” button. Hence, when Clickjacking attacks are an emerging threat on the web. the user “claims” a free iPad, a story appears in the user’s In this paper, we design new clickjacking attack variants Facebook friends’ news feed stating that she “likes” the using existing techniques and demonstrate that existing attacker web site. For ease of exposition, our description clickjacking defenses are insufficient. Our attacks show will be in the context of web browsers. Nevertheless, the that clickjacking can cause severe damages, including concepts and techniques described are generally applica- compromising a user’s private webcam, email or other ble to all client operating systems where display is shared private data, and web surfing anonymity. by mutually distrusting principals. We observe the root cause of clickjacking is that an Several clickjacking defenses have been proposed and attacker application presents a sensitive UI element of a deployed for web browsers, but all have shortcomings. target application out of context to a user (such as hiding Today’s most widely deployed defenses rely on frame- the sensitive UI by making it transparent), and hence the busting [21, 37], which disallows a sensitive page from user is tricked to act out of context. To address this root being framed (i.e., embedded within another web page).
  • Disciplining Criminal Justice: the Peril Amid the Promise of Numbers

    Disciplining Criminal Justice: the Peril Amid the Promise of Numbers

    YALE LAW & POLICY REVIEW Disciplining Criminal Justice: The Peril amid the Promise of Numbers Mary De Ming Fan* Introduction ........................................................................................................... 2 Governing Governance and the Manufacture of "Objective" Visibility ............ 1O A. The Law of Making Performance Visible ................................................ 14 B. Difficulties Defining Criminal Justice in the Idiom of Targets .............. 16 C. Bending the Bounds of the Officially Sanctioned .................................. 24 II. Expressive, Expiatory "Deliverables". ............................................................. 27 A. At the Point of Policy Failure ................................................................... 30 B. Numbers that Do Not Attain Aims ......................................................... 36 C. What Expiation by Numerical Proxy Effaces ......................................... 42 1. Aim ing Beyond the Baseline ............................................................ 42 2. Effacing H igher Aim s ........................................................................ 49 III. Toward a Policy Embrace of Values and Numbers in Qualitative Context ... 57 A. Q ualitative Perspective ............................................................................ 57 B. How Law and Policy Can Be Conducive to Qualitative Evaluation ........... 59 C on clusion ...................................................................................................................
  • Online Advertising Security: Issues, Taxonomy, and Future Directions

    Online Advertising Security: Issues, Taxonomy, and Future Directions

    IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. XX, NO. NN, XX 2021 1 Online Advertising Security: Issues, Taxonomy, and Future Directions Zahra Pooranian, Senior Member, IEEE, Mauro Conti, Senior Member, IEEE, Hamed Haddadi, Member, IEEE and Rahim Tafazolli, Senior Member, IEEE Abstract—Online advertising has become the backbone of over time. Also, mobile advertising has become one of the the Internet economy by revolutionizing business marketing. It fastest-growing industries with the advent of smartphones [6]. provides a simple and efficient way for advertisers to display Millions of mobile applications are registered in various ap- their advertisements to specific individual users, and over the last couple of years has contributed to an explosion in the plication platforms such as Google Play Store, Apps Store, income stream for several web-based businesses. For example, etc., which contain at least one advertising library that allows Google’s income from advertising grew 51.6% between 2016 and mobile advertising [7]. According to [8], in 2019, total mobile 2018, to $136.8 billion. This exponential growth in advertising advertising spending worldwide has reached $189 billion and revenue has motivated fraudsters to exploit the weaknesses of will surpass $240 billion by 2022. the online advertising model to make money, and researchers to discover new security vulnerabilities in the model, to propose Online advertising uses the same mechanisms that are countermeasures and to forecast future trends in research. applied to manage other “traditional” advertising channels, Motivated by these considerations, this paper presents a such as newspapers, radio or TV, but is much more creative in comprehensive review of the security threats to online advertising providing targeted and personalized advertisements [9], [10].
  • UI Redressing and Clickjacking: About Click Fraud and Data Theft

    UI Redressing and Clickjacking: About Click Fraud and Data Theft

    Introduction Attack vectors Counteractive measures Conclusion and outlook UI Redressing and Clickjacking: About click fraud and data theft Marcus Niemietz [email protected] Ruhr-University Bochum Chair for Network and Data Security 25th of November 2011 Marcus Niemietz, RUB @Zeronights UI Redressing and Clickjacking Introduction Attack vectors Counteractive measures Conclusion and outlook Short and crisp details about me Studying \IT-Security/Information Technology", RUB \Computer Science", Distance University Hagen B.Sc. in \IT-Security/Information Technology" Books Authentication Web Pages with Selenium ≥Feb. 2012: Clickjacking und UI-Redressing International speaker Work: RUB, Pixelboxx, ISP and IT-Security, Freelancer (trainings, penetration tests) Twitter: @mniemietz Marcus Niemietz, RUB @Zeronights UI Redressing and Clickjacking Introduction Attack vectors Counteractive measures Conclusion and outlook Contents 1 Introduction UI redressing Clickjacking 2 Attack vectors UI redressing Round up Clickjacking Tool 3 Counteractive measures Frame busting Busting frame busting Clickjacking statistics 4 Conclusion and outlook Marcus Niemietz, RUB @Zeronights UI Redressing and Clickjacking Introduction Attack vectors UI redressing Counteractive measures Clickjacking Conclusion and outlook Introduction Google Inc. can generate a profit of over $8.5 billion in 2010 Interesting for commercial companies to offer web applications shopping banking share status messages New attacks available that can bypass existing protection mechanisms CSRF
  • Click Fraud: Interest in Using the Internet As a Marketing Tool Continues to Grow

    Click Fraud: Interest in Using the Internet As a Marketing Tool Continues to Grow

    Click fraud: Interest in using the Internet as a marketing tool continues to grow. Paid search engine, or pay-per-click advertising (when companies pay for keyword ads listed on a search engine), has what does it become the fastest-growing segment of online advertising.1 By 2010, U.S. advertisers will 2 mean for spend an estimated $7.5 billion on paid search ads compared to $3 billion in 2004. Not only has interest in pay-per-click advertising grown, but so too has click fraud. Click fraud occurs marketers? when a person or software program creates or misrepresents actual clicks. These fraudulent or inaccurate clicks result in additional charges to the advertiser. Industry consultants estimate as many as 20% of clicks on paid search engine ads are fraudulent, costing advertisers more than $1 billion annually—larger than the total magnitude of credit card fraud in the U.S.3 A study of click fraud: a growing, costly issue for advertisers About the study4 from 5MetaCom Legitimate Alleged In a 2006 study, an online clicks fraudulent clicks market research firm evalu- 29.5% (10,268 clicks) ated three paid search engine ad campaigns 9.8% (Google AdWordsீ). The (1,257 clicks) companies advertising paid a fee for each user who clicked on their ad. 8.3% The advertiser with the (349 highest cost per click ($1- clicks) 2) suffered the highest number of alleged fraudu- lent clicks (29.5%), result- 34,763 total clicks ing in bogus charges of 12,790 total clicks $15,395. The other cam- paigns had significantly 4,184 total clicks lower cost per click rates and encountered lower rates of click fraud.
  • In Re Nuvelo, Inc. Securities Litigation 07-CV-04056-Declaration of Mark

    In Re Nuvelo, Inc. Securities Litigation 07-CV-04056-Declaration of Mark

    BERGER & MONTAGUE, P.C. Sherrie R. Savett Carole A. Broderick Phyllis M. Parker 1622 Locust Street Philadelphia, PA 19103 Tel: (215) 875-3000 Fax: (215) 875-4604 Email: [email protected] cbroderick@bm ,net [email protected] IZARD NOBEL LLP ROBBINS GELLER RUDMAN Jeffrey S. Nobel & DOWD LLP Mark P. Kindall, Bar No 138703 Darren J. Robbins Nancy A. Kulesa Dennis J. Herman 29 South Main Street Eli R. Greenstein Suite 215 S. Ashar Ahmed West Hartford, Ct 06107 Post-Montgomery Center Tel: (860) 493-6292 One Montgomery Street, Suite 1800 Fax: (860) 493-6290 San Francisco, CA 94104 Email: [email protected] Tel: (415) 288-4545 [email protected] Fax: (415) 288-4534 [email protected] Email: [email protected] dennisb@rgrdlaw,corn [email protected] aahmed@rgrdlaw com Co-Lead Counsel for Plaintiffs Liaison Counsel UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION In re NUVELO, INC. SECURITIES Master File No 07-CV-04056-VRW LITIGATION CLASS ACTION DECLARATION OF MARK P. KINDALL IN SUPPORT OF PLAINTIFFS' MOTION FOR CLASS CERTIFICATION DATE: March .3, 2011 I TIME: 10:00 a.rn. I COURTROOM: 6 DECLARATION OF MARK P KINDALL IN SUPPORT OF PLArNTIFFS' MOTION FOR CLASS CERTIFICATION - 07-CV-04056-VRW DECLARATION OF MARK P. KINDALL IN SUPPORT OF PLAINTIFFS' MOTION FOR CLASS CERTIFICATION 2 3 I, Mark P. Kindall, hereby declare as follows: 4 1. I am a partner at the law firm of Izard Nobel LLP, which was appointed Co-Lead 5 Counsel for Plaintiffs in this litigation on September 19, 2007. I have personal knowledge of the 6 facts set forth herein.
  • Please Don't Aim for a Highly Cited Paper

    Please Don't Aim for a Highly Cited Paper

    AUSTRALIAN UNIVERSITIES’ REVIEW Please don’t aim for a highly cited paper Michael C Calver Murdoch University Citation-based metrics are important in determining careers, so it is unsurprising that recent publications advise prospective authors on how to write highly cited papers. While such publications offer excellent advice on structuring and presenting manuscripts, there are significant downsides, including: restrictions in the topics researched, incentives to misconduct and possible detriments to motivation, innovation and collegiality. Guides to writing highly cited papers also assume that all citations are equal, ignoring new directions in bibliometric research identifying ‘quality’ and perfunctory citations. Rather than pursuing citations, with the uncertainty about their significance and the potential negative consequences, authors may fare better by following evidence from several disciplines indicating that persistence, a focused research program, good methodology and publishing in relevant journals are more important in career development and disciplinary influence than the odd star paper. Research administrators could encourage such steps by considering innovative new multivariate assessments of research productivity, including assessing social impact. Keywords: citation, quality citation, motivation, misconduct, innovation, highly cited Introduction and clarity of style, encouraging people to aim consciously to write highly cited papers is concerning Increasingly, researchers find their track records under for five main reasons: (i) it narrows the scope of research scrutiny as supervisors and funding agencies seek the undertaken or published; (ii) the focus on reward most successful groups to fund, or individuals to reward may reduce intrinsic motivation, innovation and true with appointments, promotion, tenure or prizes (Corsi, collaboration but encourage mistakes and misconduct; D’Ippoliti & Lucidi, 2010; Oswald, 2010; Teixeira et al., (iii) despite substantial research, the significance of 2013).
  • The Future of Patient Flow Management Practices in the New Era of Health Reform

    The Future of Patient Flow Management Practices in the New Era of Health Reform

    The Future of Patient Flow Management Practices in the New Era of Health Reform David J Yu, MD, MBA, FACP, SFHM Medical Director, Adult Inpatient Medicine Service Presbyterian Medical Group ACA: Affordable Care Act ACO: Accountable Care Organizations • “It is anticipated that ACOs will increasingly be reimbursed under a capitated model that incentivizes optimal quality, safety, efficiency, and health outcomes for populations of patients.” – J. Haugham, MD, D. Burton, MD, HealthCatalyst Value over Volume: Quality over Quantity • Revenue at Risk • Patient Experience • Complication Consequences • Population Health Medicare Advantage Enrollment Bundle Payments • Payment for Episodes of Care – Hospital cost – Professional fee: all physician charges – Ancillary Service – SNF, Rehab • Middle ground between FFS and Capitation • Based on delivering episode of care at a lower price Payment Transparency • Commercial Insurance % of Medicare • ? Demise of Hospital Chargemaster Revenue Center versus Cost Center Patient Flow Traditional View • ED Physician Process owner • Discharge before noon • Observation units • Push patients up to medicine / surgical floor • Hall beds in ED/ Floor Patient Flow: Age of ACA • “A comprehensive, strategic initiative that hospitals need to align all their clinical departments, departmental budgets, and administrative processes around to achieve.” – Today’s Hospitalist, October 2014, David Yu, MD Patient Flow as a Strategic Initiative • How do you model financial efficiency in a cost center model? • No revenue generation
  • Real-Time Ad Click Fraud Detection

    Real-Time Ad Click Fraud Detection

    San Jose State University SJSU ScholarWorks Master's Projects Master's Theses and Graduate Research Spring 5-18-2020 REAL-TIME AD CLICK FRAUD DETECTION Apoorva Srivastava San Jose State University Follow this and additional works at: https://scholarworks.sjsu.edu/etd_projects Part of the Artificial Intelligence and Robotics Commons, and the Information Security Commons Recommended Citation Srivastava, Apoorva, "REAL-TIME AD CLICK FRAUD DETECTION" (2020). Master's Projects. 916. DOI: https://doi.org/10.31979/etd.gthc-k85g https://scholarworks.sjsu.edu/etd_projects/916 This Master's Project is brought to you for free and open access by the Master's Theses and Graduate Research at SJSU ScholarWorks. It has been accepted for inclusion in Master's Projects by an authorized administrator of SJSU ScholarWorks. For more information, please contact [email protected]. REAL-TIME AD CLICK FRAUD DETECTION A Thesis Presented to The Faculty of the Department of Computer Science San Jose´ State University In Partial Fulfillment of the Requirements for the Degree Master of Science by Apoorva Srivastava May 2020 © 2020 Apoorva Srivastava ALL RIGHTS RESERVED The Designated Thesis Committee Approves the Thesis Titled REAL-TIME AD CLICK FRAUD DETECTION by Apoorva Srivastava APPROVED FOR THE DEPARTMENT OF COMPUTER SCIENCE SAN JOSE´ STATE UNIVERSITY May 2020 Dr. Robert Chun, Ph.D. Department of Computer Science Dr. Thomas Austin, Ph.D. Department of Computer Science Shobhit Saxena Google LLC ABSTRACT REAL-TIME AD CLICK FRAUD DETECTION by Apoorva Srivastava With the increase in Internet usage, it is now considered a very important platform for advertising and marketing. Digital marketing has become very important to the economy: some of the major Internet services available publicly to users are free, thanks to digital advertising.