Published August 23, 2022 | Version v1
Conference paper Open

Web Bot Detection Evasion Using Deep Reinforcement Learning

  • 1. Information Technologies Institute, CERTH, Thessaloniki, Greece, and BU-CERT, Bournemouth University, Bournemouth, United Kingdom
  • 2. Department of Information & Communication Systems Engineering, University of the Aegean, Samos, Greece
  • 3. Information Technologies Institute, CERTH, Thessaloniki, Greece
  • 4. BU-CERT, Bournemouth University, Bournemouth, United Kingdom


Web bots are vital for the web as they can be used to automate several actions, some of which would otherwise have been impossible or very time-consuming. These actions can be benign, such as website testing and web indexing, or malicious, such as unauthorised content scraping, scalping, vulnerability scanning, and more. To detect malicious web bots, recent approaches examine the visitors' fingerprint and behaviour. For the latter, several values (i.e., features) are usually extracted from visitors' web logs and used as input to train machine learning models. In this research, we show that web bots can use recent advances in machine learning, and, more specifically, Reinforcement Learning (RL), to effectively evade behaviour-based detection techniques. To evaluate these evasive bots, we examine (i) how well they can evade a pre-trained bot detection framework, (ii) how well they can still evade detection after the detection framework is re-trained on new behaviours generated from the evasive web bots, and (iii) how bots perform if re-trained again on the re-trained detection framework. We show that web bots can repeatedly evade detection and adapt to the re-trained detection framework, which showcases the importance of considering such types of bots when designing web bot detection frameworks.


This is the accepted version of the paper. The final version of the paper can be found at



Additional details


IDEAL-CITIES – Intelligence-Driven Urban Internet-of-Things Ecosystems for Trustworthy and Circular Smart Cities 778229
European Commission
FORESIGHT – Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments 833673
European Commission
ECHO – European network of Cybersecurity centres and competence Hub for innovation and Operations 830943
European Commission