Fingerprint Surface-Based Detection of Web Bot Detectors

Jonker, Hugo; Krumnow, Benjamin; Vlot, Gabry

doi:10.1007/978-3-030-29962-0_28

Cited by 23 publications

(27 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Aside from our bot mitigation techniques, we do not interact with the visited websites in any way, limitations of this approach are discussed in Section 6. While a website might detect our crawler, it is not detected by current mechanisms seen in the wild, as presented by Jonker et al [24].…”

Section: Measurement Frameworkmentioning

confidence: 77%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior.For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions.In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50 % of the branches in the third party trees change between repeated visits. In addition, we found that 93 % of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36 % when crawling websites more deeply.

show abstract

Section: Measurement Frameworkmentioning

confidence: 77%

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Urban¹,

Degeling

Holz

et al. 2020

Proceedings of the Web Conference 2020

View full text Add to dashboard Cite

show abstract

“…[EN16]); secondly, such deviations will (also) affect logging in (cf. [JKV19]). Thus, for this project we require an automated way to use a regular (full) browser.…”

Section: A Base Http Platformmentioning

confidence: 99%

Shepherd: a Generic Approach to Automating Website Login

Jonker

Karsch

Krumnow

et al. 2020

Proceedings 2020 Workshop on Measurements, Attacks, and Defenses for the Web

Self Cite

View full text Add to dashboard Cite

To gauge adoption of web security measures, largescale testing of website security is needed. However, the diversity of modern websites makes a structured approach to testing a daunting task. This is especially a problem with respect to logging in: there are many subtle deviations in the flow of the login process between websites. Current efforts investigating login security typically are semi-automated, requiring manual intervention which does not scale well. Hence, comprehensive studies of post-login areas have not been possible yet. In this paper, we introduce Shepherd, a generic framework for logging in on websites. Given credentials, it provides a fully automated attempt at logging in. We discuss various design challenges related to automatically identifying login areas, validating correct logins, and detecting incorrect credentials. The tool collects data on successes and failures for each of these. We evaluate Shepherd's capabilities to login on thousands of sites, using unreliable, legitimately crowd-sourced credentials for a random selection from the Alexa Top websites list. Notwithstanding parked domains, invalid credentials, etc., Shepherd was able to automatically log in on 7,113 sites from this set, an order of magnitude beyond previous efforts at automating login.

show abstract

“…), which makes their detection more challenging. Even though such web bots, in their vanilla configurations, contain fingerprints that can reveal their bot nature [23], additional configurations can be applied to avoid detection [22,23]. Moreover, web bots can be designed to use the regular browsers of a machine (instead of using an automated browsing software), which makes fingerprint-based detection even harder [2].…”

Section: Background and Related Workmentioning

confidence: 99%

“…Such web bots can crawl web servers in a humanlike manner to collect information making them harder to detect. Additionally, we can assume that the malicious web bots exhibit a fingerprint that is indistinguishable from that of a browser as in the opposite case, such bots could be deterministically detected using advanced fingerprinting techniques [5,22,23,31]. This is a logical assumption, as the respective Indicators of Compromise have a low pain threshold (i.e., they require low effort to be changed) [8].…”

Section: Threat Modelmentioning

confidence: 99%

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

et al. 2021

View full text Add to dashboard Cite

Web bots vary in sophistication based on their purpose, ranging from simple automated scripts to advanced web bots that have a browser fingerprint, support the main browser functionalities, and exhibit a humanlike behaviour. Advanced web bots are especially appealing to malicious web bot creators, due to their browser-like fingerprint and humanlike behaviour which reduce their detectability. This work proposes a web bot detection framework that comprises two detection modules: (i) a detection module that utilises web logs, and (ii) a detection module that leverages mouse movements. The framework combines the results of each module in a novel way to capture the different temporal characteristics of the web logs and the mouse movements, as well as the spatial characteristics of the mouse movements. We assess its effectiveness on web bots of two levels of evasiveness, (a) moderate web bots that have a browser fingerprint and (b) advanced web bots that have a browser fingerprint and also exhibit a humanlike behaviour. We show that combining web logs with visitors? mouse movements is more effective and robust towards detecting advanced web bots that try to evade detection, as opposed to using only one of those approaches.

show abstract

Fingerprint Surface-Based Detection of Web Bot Detectors

Cited by 23 publications

References 18 publications

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Beyond the Front Page:Measuring Third Party Dynamics in the Field

Shepherd: a Generic Approach to Automating Website Login

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

Contact Info

Product

Resources

About