Web Bot Detection Evasion Using Deep Reinforcement Learning
Creators
- 1. Information Technologies Institute, CERTH, Thessaloniki, Greece, and BU-CERT, Bournemouth University, Bournemouth, United Kingdom
- 2. Department of Information & Communication Systems Engineering, University of the Aegean, Samos, Greece
- 3. Information Technologies Institute, CERTH, Thessaloniki, Greece
- 4. BU-CERT, Bournemouth University, Bournemouth, United Kingdom
Description
Web bots are vital for the web as they can be used to automate several actions, some of which would have otherwise been impossible or very time consuming. These actions can be benign, such as website testing and web indexing, or malicious, such as unauthorised content scraping, scalping, vulnerability scanning, and more. To detect malicious web bots, recent approaches examine the visitors' fingerprint and behaviour. For the latter, several values (i.e., features) are usually extracted from visitors' web logs and used as input to train machine learning models. In this research we show that web bots can use recent advances in machine learning, and, more specifically, Reinforcement Learning (RL), to effectively evade behaviour-based detection techniques. To evaluate these evasive bots, we examine (i) how well they can evade a pre-trained bot detection framework, (ii) how well they can still evade detection after the detection framework is re-trained on new behaviours generated from the evasive web bots, and (iii) how bots perform if re-trained again on the re-trained detection framework. We show that web bots can repeatedly evade detection and adapt to the re-trained detection framework to showcase the importance of considering such types of bots when designing web bot detection frameworks.
Notes
Files
Web_Bot_Detection_Evasion_Using_Deep_Reinforcement_Learning_zenodo.pdf
Files
(2.3 MB)
Name | Size | Download all |
---|---|---|
md5:ee21ab0e7097066cd6be7022ff2e1ca0
|
2.3 MB | Preview Download |
Additional details
Funding
- IDEAL-CITIES – Intelligence-Driven Urban Internet-of-Things Ecosystems for Trustworthy and Circular Smart Cities 778229
- European Commission
- FORESIGHT – Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments 833673
- European Commission
- ECHO – European network of Cybersecurity centres and competence Hub for innovation and Operations 830943
- European Commission