short-paper Free Access Artifacts Available / v1.1
- Authors:
- Behzad Ousat Florida International University, Miami, USA
- Dongsheng Luo Florida International University, Miami, USA
- Amin Kharraz Florida International University, Miami, USA
WWW '24: Companion Proceedings of the ACM on Web Conference 2024May 2024Pages 646–649https://doi.org/10.1145/3589335.3651474
- 0citation
- 7
- Downloads
Metrics
Total Citations0Total Downloads7Last 12 Months7
Last 6 weeks7
- Get Citation Alerts
New Citation Alert added!
This alert has been successfully added and will be sent to:
You will be notified whenever a record that you have chosen has been cited.
To manage your alert preferences, click on the button below.
Manage my Alerts
New Citation Alert!
Please log in to your account
- Publisher Site
- eReader
WWW '24: Companion Proceedings of the ACM on Web Conference 2024
Breaking the Bot Barrier: Evaluating Adversarial AI Techniques Against Multi-Modal Defense Models
Pages 646–649
PreviousChapterNextChapter
ABSTRACT
Websites utilize several approaches to detect automated agents. The agents are deployed either for beneficial purposes such as search engine crawlers, or to perform tasks on behalf of the adversary such as scanning for vulnerabilities. Recent methods in detecting such agents include the analysis of the behavior that the agents show when visiting the website. In this paper, I) we describe a deep learning framework that analyzes the triggered browser events to classify the visitor. II) We develop two adversarial attacks in order to bypass the defense by generating adversarial vectors that are misclassified by the model. III) We discuss how applicable the attacks are by reviewing the limitations of the popular tools (i.e., Selenium and Puppeteer) used for the development of automated agents based on full-fledged browsers.
Skip Supplemental Material Section
Supplemental Material
shp3529.mp4
Supplemental video
mp4
4.5 MB
Download
References
- Alejandro Acien, Aythami Morales, Julian Fierrez, and Ruben Vera-Rodriguez. 2022. BeCAPTCHA-Mouse: Synthetic mouse trajectories and improved bot detection. Pattern Recognition , Vol. 127 (2022), 108643.Google Scholar
Digital Library
- Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis. 2019. Less is more: quantifying the security benefits of debloating web applications. In 28th USENIX Security Symposium (USENIX Security 19). 1697--1714.Google Scholar
- Cara Malone. 2023. Online Payment Fraud: Market Forcasts, Emerging Threats and Segment Analysis, 2023--2029. https://www.juniperresearch.com/researchstore/fintech-payments/online-payment-fraud-research-report/.Google Scholar
- Zi Chu, Steven Gianvecchio, and Haining Wang. 2018. Bot or human? A behavior-based online bot detection system. From Database to Cyber Security: Essays Dedicated to Sushil Jajodia on the Occasion of His 70th Birthday (2018), 432--449.Google Scholar
- Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).Google Scholar
- gremlins.js: Monkey testing library for web apps and Node.js. 2020. https://github.com/marmelab/gremlins.js/. Accessed: 01--16--2023.Google Scholar
- hCaptcha. [n.,d.]. hCaptcha Documentation. https://docs.hcaptcha.com/.Google Scholar
- Alex Huang, Abdullah Al-Dujaili, Erik Hemberg, Una-May O'Reilly, et al. 2018. Adversarial deep learning for robust detection of binary encoded malware. arXiv preprint arXiv:1801.02950 (2018).Google Scholar
- Luis A. Leiva and Roberto Vivó. 2013. Web Browsing Behavior Analysis and Interactive Hypervideo. ACM Transactions on the Web, Vol. 7, 4 (2013).Google Scholar
Digital Library
- Arbena Musa, Kamer Vishi, and Blerim Rexha. 2021. Attack analysis of face recognition authentication systems using fast gradient sign method. Applied artificial intelligence, Vol. 35, 15 (2021), 1346--1360.Google Scholar
- Hongfeng Niu, Ang Wei, Yunpeng Song, and Zhongmin Cai. 2023. Exploring visual representations of computer mouse movements for bot detection using deep learning approaches. Expert Systems with Applications , Vol. 229 (2023), 120225.Google Scholar
Digital Library
- Puppeteer. [n.,d.]. https://pptr.dev/. Available: https://pptr.dev/.Google Scholar
- Selenium. [n.,d.]. https://www.selenium.dev/documentation/webdriver/.Google Scholar
- Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shosh*taishvili, and Adam Doupé. 2023. Toss a fault to your witcher: Applying grey-box coverage-guided mutational fuzzing to detect sql and command injection vulnerabilities. In IEEE Symposium on Security and Privacy (SP). 116--133.Google Scholar
Cross Ref
- Ang Wei, Yuxuan Zhao, and Zhongmin Cai. 2019. A deep learning approach to web bot detection using mouse behavioral biometrics. In Biometric Recognition: 14th Chinese Conference, CCBR 2019, Zhuzhou, China, October 12--13, 2019, Proceedings 14. Springer, 388--395.Google Scholar
Digital Library
- Jianli Zhou, Chao Liang, and Jun Chen. 2020. Manifold projection for adversarial defense on face recognition. In Computer Vision--ECCV 2020: 16th European Conference, Glasgow, UK, August 23--28, 2020, Proceedings, Part XXX 16. Springer, 288--305. ioGoogle Scholar
Cited By
View all
Index Terms
Breaking the Bot Barrier: Evaluating Adversarial AI Techniques Against Multi-Modal Defense Models
Security and privacy
Security services
Authentication
Software and application security
Web application security
Recommendations
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain
In recent years, machine learning algorithms, and more specifically deep learning algorithms, have been widely used in many fields, including cyber security. However, machine learning systems are vulnerable to adversarial attacks, and this limits the ...
Read More
- My Brother Helps Me: Node Injection Based Adversarial Attack on Social Bot Detection
MM '23: Proceedings of the 31st ACM International Conference on Multimedia
Social platforms such as Twitter are under siege from a multitude of fraudulent users. In response, social bot detection tasks have been developed to identify such fake users. Due to the structure of social networks, the majority of methods are based on ...
Read More
- A moving target defense against adversarial machine learning
SEC '19: Proceedings of the 4th ACM/IEEE Symposium on Edge Computing
Adversarial Machine Learning has become the latest threat with the ubiquitous presence of machine learning. In this paper we propose a Moving Target Defense approach to defend against adversarial machine learning, i.e., instead of manipulating the ...
Read More
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in
Full Access
Get this Publication
- Information
- Contributors
Published in
WWW '24: Companion Proceedings of the ACM on Web Conference 2024
May 2024
1928 pages
ISBN:9798400701726
DOI:10.1145/3589335
- General Chairs:
- Tat-Seng Chua
National University of Singapore
, - Chong-Wah Ngo
Singapore Management University
, - Proceedings Chair:
- Roy Ka-Wei Lee
Singapore University of Technology and Design
, - Program Chairs:
- Ravi Kumar
Google
, - Hady W. Lauw
Singapore Management University
Copyright © 2024 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [emailprotected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 May 2024
Permissions
Request permissions about this article.
Author Tags
- adversarial machine learning
- bot detection
- forensics engine
- web application security
Qualifiers
- short-paper
Conference
Acceptance Rates
Overall Acceptance Rate1,899of8,196submissions,23%
Funding Sources
Other Metrics
View Article Metrics
- Bibliometrics
- Citations0
Article Metrics
- View Citations
Total Citations
7
Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)7
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet
PDF Format
View or Download as a PDF file.
eReader
View online with eReader.
eReader
Digital Edition
View this article in digital edition.
View Digital Edition
- Figures
- Other
Close Figure Viewer
Browse AllReturn
Caption
View Table of Contents
Export Citations
Your Search Results Download Request
We are preparing your search results for download ...
We will inform you here when the file is ready.
Download now!
Your Search Results Download Request
Your file of search results citations is now ready.
Download now!
Your Search Results Download Request
Your search export query has expired. Please try again.