Polymorphic Protocols for Fighting Bots

August See

Abstract


Web Robots (bots) that automate communication with a service on the Internet via their API are efficient and easy to scale. A large number of bots leads to significant losses for providers and can frustrate users of social media, games or online stores. Existing solutions such as CAPTCHAs or complex registrations either frustrate users or are easy to circumvent. Current solutions that make it difficult to create bots are only effective for the first bot. Once the first bot is created, it can be easily duplicated to build an army of bots. This paper presents an approach inspired by polymorphic malware and censorship resistance to change this. Each client that communicates with a service does so by using its own application protocol that is syntactically different but not semantically. Thus, a bot creator is forced to either find a way to automatically extract the whole application protocol from a client or to reverse engineer a new protocol for each bot that is created.

Full Text:

PDF


DOI: http://dx.doi.org/10.14279/tuj.eceasst.80.1157

DOI (PDF): http://dx.doi.org/10.14279/tuj.eceasst.80.1157.1108

Hosted By Universit├Ątsbibliothek TU Berlin.