Macquarie University
2 files

Protecting web services from botnet exploitations

posted on 2022-03-28, 15:33 authored by Hanh Nguyen Vo
Botnets have attracted a significant attention and have become a primary "platform" for attacks on the Internet. As Web 2.0 evolves, especially with social networking sites becoming a dominant medium, it is no surprise that a new type of malware, Web 2.0 bot, rides on this new means of propagation and communication. For example, Koobface has been successfully leveraged social networking websites such as Facebook and Myspace to infect millions of computers and TwitterBot attempted to use Twitter as a C&C channel for communicating. Since these are legitimate sites and the communication is just like normal web traffic, this type of attack is difficult to detect by the current detection software. In addition, Captcha used for verifiation can be easily bypassed by modern bots as they employ the so-called relay attack. The relay attack involves a human to solve the challenges for the bots. -- In this research, we solve the problem by presenting two systems: an API Verifier and an enhanced Captcha design. Since a bot must use an API (Application Programming Interface) to post information, the API Verifier will challenge a user with a Captcha if it detects that the API call is from a new computer. To recognize if the API call is from a new computer, we use the Media Access Control (MAC) address of the computer, which is globally unique. Since a bot cannot solve a Captcha challenge, it will not be able to make API calls to the Web service. Our enhanced Captcha is resistant against the relay attack as we change the static answer, which is used by majority of Captcha forms, to a dynamic one by asking the user "where" is the answer rather than "what". We also employ animation with a defined delay time to prevent the human solver from telling the bot where the answer is. The systems are evaluated by operating against various attacks from a modified version of Koobface, the most popular existing Web 2.0 botnet. The results show that Koobface bots fail to break our enhanced Captcha using relay attacks. Also our API Veri er successfully detects requests from Koobface bots and denies their access.


Table of Contents

1. Introduction -- 2. Botnet -- 3. Web 2.0 botnet and current botnet detection techniques -- 4. API verifier: an application-based approach to detect Bot 2.0 -- 5. Captcha enhancement -- 6. Implementation and experiments -- 7. Conclusion -- 8. An appendix.


Includes bibliographical references: pages 203-217.

Awarding Institution

Macquarie University

Degree Type

Thesis PhD


Thesis (PhD), Macquarie University, Faculty of Science, Department of Computing

Department, Centre or School

Department of Computing

Year of Award


Principal Supervisor

Josef Pieprzyk


Copyright disclaimer: Copyright Hanh Nguyen Vo 2012.




1 online resource (xx, 217 pages) illustrations

Former Identifiers

mq:26992 1990226

Usage metrics

    Macquarie University Theses


    Ref. manager