2010 IEEE International Conference on Services Computing (2010)
July 5, 2010 to July 10, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SCC.2010.89
Web bot fraud activity currently accounts for a large number of web accesses. Current resistance methods such as CAPTCHA are not applicable for bot detection at the granularity of each click. In this paper, we propose a service that counters web bots which mimic human clicks by walking random links. We base our defense on systematically applying link obfuscation. The obfuscation is designed as a service that can be applied to websites without changes from web developers and without changing the behavior of human users. The service for resisting web bots is called Decoy Link Design Adaptation (DLDA) and works by transparently modifying every page of a protected website. The modifications are made such that walking web bots cannot traverse valid paths through the website. Specifically, DLDA modifies each original link on the page surrounding it with a group of invalid links. These obsfucated links are carefully styled to be unnoticed or avoided by human users; however, they require significant effort for programs (bots) to identify. Experiments show that DLDA has a very high detection rate for web bots and near zero false positives. DLDA can detect 80% of walking bots ending a session after one minute of inactivity (no clicks). The detection rate increases to 100% when the session is ended where multiple visits of the bots can be grouped into a single session.
web, web robot, detection
K. Li, D. Brewer, C. Pu and L. Ramaswamy, "A Link Obfuscation Service to Detect Webbots," 2010 IEEE International Conference on Services Computing(SCC), Miami, Florida, 2010, pp. 433-440.