Christos Iliou, Theodoros Kostoulas, Theodora Tsikrika, Vasilis Katos, Stefanos Vrochidis, Ioannis Kopmatsiaris
2021 IEEE International Conference on Cyber Security and Resilience (CSR)
advanced web bots, generative adversarial networks, evasive web bots, mouse movements, humanlike behaviour
Web bots are programs that can be used to browse the web and perform automated actions. These actions can be benign, such as web indexing and website monitoring, or malicious, such as unauthorised content scraping and scalping. To detect bots, web servers consider bots’ fingerprint and behaviour, with research showing that techniques that examine the visitor’s mouse movements can be very effective. In this work, we showcase that web bots can leverage the latest advances in machine learning to evade detection based on their mouse movements and touchscreen trajectories (for the case of mobile web bots). More specifically, the proposed web bots utilise Generative Adversarial Networks (GANs) to generate images of trajectories similar to those of humans, which can then be used by bots to evade detection. We show that, even if the web server is aware of the attack method, web bots can generate behaviours that can evade detection.