Scraping Airlines Bots: Insights Obtained Studying Honeypot Data

Author:

Chiapponi Elisa, Dacier Marc, Catakoglu Onur, Thonnard Olivier, Todisco Massimiliano

Abstract

Airline websites are the victims of unauthorised online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airlines' websites. In this work, we propose a deceptive approach to counter scraping bots. We present a platform capable of mimicking airlines' sites changing prices at will. We provide results on the case studies we performed with it. We have lured bots for almost 2 months, fed them with indistinguishable inaccurate information. Studying the collected requests, we have found behavioural patterns that could be used as complementary bot detection. Moreover, based on the gathered empirical pieces of evidence, we propose a method to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Our mathematical models indicate that the amount of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today.

Publisher

Concept Tech Publishing

Cited by 4 articles.

1. Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns;2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW);2023-07

2. ImMuNE: Improved Multilateration in Noisy Environments;2022 IEEE 11th International Conference on Cloud Networking (CloudNet);2022-11-07

3. An industrial perspective on web scraping characteristics and open issues;2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S);2022-06

4. BADPASS: Bots Taking ADvantage of Proxy as a Service;Information Security Practice and Experience;2022
