Web bot fraud activity currently accounts for a large number of web accesses. Current resistance methods such as CAPTCHA are not applicable for bot detection at the granularity of each click. In this paper, we propose a service that counters web bots which mimic human clicks by walking random links. We base our defense on systematically applying link obfuscation. The obfuscation is designed as a service that can be applied to websites without changes from web developers and without changing the behavior of human users. The service for resisting web bots is called Decoy Link Design Adaptation (DLDA) and works by transparently modifying every page of a protected website. The modifications are made such that walking web bots cannot traverse valid paths through the website. Specifically, DLDA modifies each original link on the page by surrounding it with a group of invalid links. These obfuscated links are carefully styled to be unnoticed or avoided by human users; however, they require significant effort for programs (bots) to identify. Experiments show that DLDA has a very high detection rate for web bots and near-zero false positives. DLDA can detect 80% of walking bots when a session is ended after one minute of inactivity (no clicks). The detection rate increases to 100% when sessions are ended such that multiple visits of the bots can be grouped into a single session.
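The effect of the session boundary on detection, described at the end of the abstract, can be seen in the following added example, which is not code from the paper. It assumes decoy links are recognisable server-side by a hypothetical `/d/` path prefix and that clicks are logged as `(client, seconds, path)` tuples; the function names and the sample log are constructed for illustration.

```python
from collections import defaultdict

# Assumption: decoy links are recognisable server-side by this path prefix.
DECOY_PREFIX = "/d/"

def sessionize(clicks, timeout):
    """Group (client, timestamp, path) clicks into per-client sessions.

    A session ends once the gap between consecutive clicks exceeds
    `timeout` seconds; timeout=None groups all of a client's visits.
    """
    by_client = defaultdict(list)
    for client, ts, path in sorted(clicks, key=lambda c: (c[0], c[1])):
        by_client[client].append((ts, path))
    sessions = []
    for client, events in by_client.items():
        current = [events[0]]
        for prev, ev in zip(events, events[1:]):
            if timeout is not None and ev[0] - prev[0] > timeout:
                sessions.append((client, current))
                current = []
            current.append(ev)
        sessions.append((client, current))
    return sessions

def flag_sessions(clicks, timeout):
    """Return [(client, first_ts, is_bot)]; any decoy click flags the session."""
    return [(client, evs[0][0],
             any(path.startswith(DECOY_PREFIX) for _, path in evs))
            for client, evs in sessionize(clicks, timeout)]

# Constructed sample log: (client, seconds, requested path)
CLICKS = [
    ("human", 0, "/"), ("human", 20, "/products"), ("human", 45, "/cart"),
    ("bot", 0, "/"), ("bot", 5, "/d/a91f"),              # visit 1: hits a decoy
    ("bot", 300, "/"), ("bot", 310, "/products"),        # visit 2: valid links only
    ("bot", 900, "/products"), ("bot", 905, "/d/07c2"),  # visit 3: hits a decoy
]

if __name__ == "__main__":
    for timeout in (60, None):
        print(timeout, flag_sessions(CLICKS, timeout))
```

With the 60-second timeout the bot's second visit forms its own session and goes unflagged; grouping all of a client's visits into one session flags the bot, while the human session stays clean in both cases.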