Cloaker Catcher: A Client-based Cloaking Detection System

Cloaking has long been exploited by spammers for the purpose of increasing the exposure of their websites. In other words, cloaking has long served as a major malicious technique in search engine optimization (SEO). Cloaking hides the true nature of a website by delivering blatantly different content to users versus web crawlers. Recently, we have also witnessed a rising trend of employing cloaking in search engine marketing (SEM). However, detecting cloaking is challenging. Existing approaches cannot detect IP cloaking and are not suitable for detecting cloaking in SEM because their search-and-visit method leads to click fraud. In addition, they focus on detecting and measuring cloaking on the server side, but the results are not visible to users to help them avoid frauds. Our work focuses on mitigating IP cloaking and SEM cloaking, and providing client-based real-time cloaking detection services. To achieve these goals, we first propose the Simhash-based Website Model (SWM), a condensed representation of websites, which can model natural page dynamics. Based on SWM, we design and implement Cloaker Catcher, an accurate, efficient and privacy-preserving system, that consists of a server that crawls websites visited by users on demand and a client-side extension that fetches spider views of websites from the server and compares them with user views to detect cloaking. Since Cloaker Catcher checks on the client side for each real user, IP cloaking can be detected whenever it occurs and click fraud in SEM can also be prevented. Using our system, we conducted the first analysis of SEM cloaking and found that the main purpose of SEM cloakers is to provide illicit services.