CARONTE: Crawling Adversarial Resources Over Non-Trusted, High-Profile Environments

Campobasso, Michele; Burda, Pavlo; Allodi, Luca

doi:10.1109/eurospw.2019.00055

Cited by 9 publications

(13 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the aforementioned techniques show promising results, they do not address a key aspect of the web bot detection problem, which is the identification of web bots that try to evade detection via, for example, exhibiting a browser fingerprint and a humanlike behaviour [11,20,21,27]. Based on the current detection techniques, advanced web bots could be modelled by adversaries by (i) having a browser fingerprint, and (ii) exhibiting a humanlike behaviour.…”

Section: Background and Related Workmentioning

confidence: 99%

“…A fingerprint that is close to one of a browser can be be achieved with the use and configuration of specific browsing automation software [11,27,35], or by using regular browsers [2]. A humanlike behaviour can be achieved by time sleeps that take into account the length of text in each web page [11,27], crawling web pages at a specific time (e.g., day/night) [11,27], skipping or spending a few seconds on content that they have already visited [11], and performing human assisted [27] or automatic [11] logging in to websites. Recent research has shown that, although detecting simple bots is relatively easy, detecting more sophisticated web bots that use a browser fingerprint and/or exhibit a humanlike behaviour, including the performance of mouse movements, is much more difficult [20].…”

Section: Background and Related Workmentioning

confidence: 99%

“…As there is neither a universal definition of how the moderate and advanced web bots behave, nor are there any existing tools that we can use to generate them, we based these behaviours on the information available in literature [11,21,27], as well as in reports of web bot detection companies [15]. More specifically, we consider the moderate web bots to have no intelligence, meaning that they follow hyperlinks randomly and by performing direct mouse movements between those links.…”

Section: Web Bots and Their Configurationmentioning

confidence: 99%

“…Additionally, advanced web bots can emulate "reading" part of a web page by performing mouse movements in a left to right direction and back, as if to follow the direction of the text (like humans sometimes do). As a result, the time between requests is also adjusted based on whether they are "reading" the web page or not, and based on the content of the web page that is read [11].…”

Section: Advanced Web Botsmentioning

confidence: 99%

“…The further categorisation of the web bots referred to as "advanced" in Reference [20] into "moderate" and "advanced" web bots in this work, on the basis of their evasiveness, allows us to further showcase how the increase in their evasiveness capabilities affects the performance of our detection models. The behaviour and configuration of the tested web bots is derived from techniques that have been proposed in literature for evasive web content gathering [11,21,27] in combination with techniques that stem from the observation of advanced web bots in the wild [14,15].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

et al. 2021

View full text Add to dashboard Cite

Web bots vary in sophistication based on their purpose, ranging from simple automated scripts to advanced web bots that have a browser fingerprint, support the main browser functionalities, and exhibit a humanlike behaviour. Advanced web bots are especially appealing to malicious web bot creators, due to their browser-like fingerprint and humanlike behaviour which reduce their detectability. This work proposes a web bot detection framework that comprises two detection modules: (i) a detection module that utilises web logs, and (ii) a detection module that leverages mouse movements. The framework combines the results of each module in a novel way to capture the different temporal characteristics of the web logs and the mouse movements, as well as the spatial characteristics of the mouse movements. We assess its effectiveness on web bots of two levels of evasiveness, (a) moderate web bots that have a browser fingerprint and (b) advanced web bots that have a browser fingerprint and also exhibit a humanlike behaviour. We show that combining web logs with visitors? mouse movements is more effective and robust towards detecting advanced web bots that try to evade detection, as opposed to using only one of those approaches.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

Section: Web Bots and Their Configurationmentioning

confidence: 99%

Section: Advanced Web Botsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

et al. 2021

View full text Add to dashboard Cite

show abstract

THREAT/crawl: a Trainable, Highly-Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums

Campobasso

Allodi

2022

2022 APWG Symposium on Electronic Crime Research (eCrime)

View full text Add to dashboard Cite

A tight scrape: methodological approaches to cybercrime research data collection in adversarial environments

Turk

Pastrana

Collier

2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

We outline in this article a study of 'adversarial scraping' for academic research, which involves the collection of data from websites that implement defences against traditional web scraping tools. Although this is primarily a research methods article, it also constitutes a valuable systematic accounting of the different defensive techniques used by the administrators of illicit online services. Some of these administrators intentionally implement functionality which attempts to prevent web scrapers from gathering data from their site, and some will unintentionally design their sites in ways that make data gathering harder. This is of particular importance for criminological research, where websites such as cryptomarkets and underground forums are publicly available (and hence there is an ethical case for data collection), but the illicit activity involved means that the administrators of these services limit scraping. We classify different anti-crawling techniques taken by websites and outline our developed countermeasures. Based on this, we evaluate which of these methods do and do not succeed at preventing data gathering from a website, as well as those which impact the scraper but do not necessarily prevent the data from being obtained. We find that there are some defences that, if used together, might thwart scraping. There are also a series of defences that are successful at slowing down scrapers, making historical scraping more difficult. On the other hand, we show that many defences are easy to work around and do not impact scraping.

show abstract

CARONTE: Crawling Adversarial Resources Over Non-Trusted, High-Profile Environments

Cited by 9 publications

References 30 publications

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

Detection of Advanced Web Bots by Combining Web Logs with Mouse Behavioural Biometrics

THREAT/crawl: a Trainable, Highly-Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums

A tight scrape: methodological approaches to cybercrime research data collection in adversarial environments

Contact Info

Product

Resources

About