Abstract
The illegitimate automated usage of Internet services by web robots (bots) is an ongoing problem. While bots increase the cost of operations for service providers and can affect user satisfaction, e.g., in social media and games, the main problem is that some services should only be usable by humans, but their automated usage cannot be prevented easily. Currently, services are protected against bots using visual CAPTCHA systems, the de facto standard. However, they are often annoying for users to solve. Typically, CATPCHAs are combined with heuristics and machine-learning approaches to reduce the number of times a human needs to solve them. These approaches use request data like IP and cookies but also biometric data like mouse movements. Such detection systems are primarily closed source, do not provide any performance evaluation, or have unrealistic assumptions, e.g., that sophisticated bots only move the mouse in straight lines. Therefore we conducted an experiment to evaluate the usefulness of detection techniques based on mouse dynamics, request metadata, and a combination of both. Our findings indicate that biometric data in the form of mouse dynamics performs better than request data for bot detection. Further, training a mouse dynamic classifier benefits from external and not only website-specific mouse dynamics. Our classifier, which differentiates between artificial and human mouse movements, achieves similar results to related work under stricter and more realistic conditions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Multimedia Knowledge and Social Media Analytics Laboratory, https://mklab.iti.gr/.
- 3.
- 4.
References
Acien, A., Morales, A., Fierrez, J., Vera-Rodriguez, R.: BeCAPTCHA-mouse: synthetic mouse trajectories and improved bot detection. arXiv:2005.00890 [cs] (2021)
Akrout, I., Feriani, A., Akrout, M.: Hacking google reCAPTCHA v3 using reinforcement learning. arXiv preprint arXiv:1903.01003 (2019)
Antal, M., Denes-Fazakas, L.: User verification based on mouse dynamics: a comparison of public data sets. In: 2019 IEEE 13th International Symposium on Applied Computational Intelligence and Informatics, pp. 143–148. IEEE (2019)
Antal, M., Egyed-Zsigmond, E.: Intrusion detection using mouse dynamics. IET Biomet. 8(5), 285–294 (2019)
Chu, Z., Gianvecchio, S., Wang, H.: Bot or human? A behavior-based online bot detection system. In: Samarati, P., Ray, I., Ray, I. (eds.) From Database to Cyber Security. LNCS, vol. 11170, pp. 432–449. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04834-1_21
Dee, T., Richardson, I., Tyagi, A.: Continuous transparent mobile device touchscreen soft keyboard biometric authentication. In: 2019 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems (VLSID), pp. 539–540. IEEE (2019)
Gamboa, H., Fred, A.: A behavioral biometric system based on human-computer interaction. In: Proceedings of the SPIE, vol. 5404, pp. 381–392 (2004). https://doi.org/10.1117/12.542625
Gummadi, R., Balakrishnan, H., Maniatis, P., Ratnasamy, S.: Not-a-bot: improving service availability in the face of botnet attacks. In: NSDI, pp. 307–320 (2009)
Heath, N.: Expedia on how one extra data field can cost \$12m (2010). https://www.zdnet.com/article/expedia-on-how-one-extra-data-field-can-cost-12m/. Accessed 18 Oct 2021
Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, S., Kompatsiaris, I.: Detection of advanced web bots by combining web logs with mouse behavioural biometrics. Digit. Threats: Res. Pract. 2(3), 1–26 (2021)
Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, S., Kompatsiaris, Y.: Towards a framework for detecting advanced web bots. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019. Association for Computing Machinery, New York (2019)
Jonker, H., Krumnow, B., Vlot, G.: Fingerprint surface-based detection of web bot detectors. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 586–605. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_28
Jorgensen, Z., Yu, T.: On mouse dynamics as a behavioral biometric for authentication. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 476–482 (2011)
Li, X., Azad, B.A., Rahmati, A., Nikiforakis, N.: Good bot, bad bot: characterizing automated browsing activity. In: 2021 IEEE symposium on security and privacy (SP), pp. 1589–1605. IEEE (2021)
Liu, W.: Introducing reCAPTCHA v3: the new way to stop bots (2018). https://developers.google.com/search/blog/2018/10/introducing-recaptcha-v3-new-way-to. Accessed 20 May 2021
Machines, I.: Stop more bots. start protecting user privacy (2018). https://www.hcaptcha.com/. Accessed 20 May 2021
Sayed, B., Traoré, I., Woungang, I., Obaidat, M.S.: Biometric authentication using mouse gesture dynamics. IEEE Syst. J. 7(2), 262–274 (2013)
Shen, C., Cai, Z., Guan, X.: Continuous authentication for mouse dynamics: a pattern-growth approach. In: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp. 1–12 (2012).https://doi.org/10.1109/DSN.2012.6263955
Sivakorn, S., Polakis, J., Keromytis, A.D.: I’m not a human: breaking the google recaptcha. Black Hat 14 (2016)
Suchacka, G., Cabri, A., Rovetta, S., Masulli, F.: Efficient on-the-fly web bot detection. Knowl.-Based Syst. 223, 107074 (2021)
Wei, A., Zhao, Y., Cai, Z.: A deep learning approach to web bot detection using mouse behavioral biometrics. In: Sun, Z., He, R., Feng, J., Shan, S., Guo, Z. (eds.) CCBR 2019. LNCS, vol. 11818, pp. 388–395. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31456-9_43
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
See, A., Wingarz, T., Radloff, M., Fischer, M. (2024). Detecting Web Bots via Mouse Dynamics and Communication Metadata. In: Meyer, N., Grocholewska-Czuryło, A. (eds) ICT Systems Security and Privacy Protection. SEC 2023. IFIP Advances in Information and Communication Technology, vol 679. Springer, Cham. https://doi.org/10.1007/978-3-031-56326-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-56326-3_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56325-6
Online ISBN: 978-3-031-56326-3
eBook Packages: Computer ScienceComputer Science (R0)