Protecting web services from botnet exploitations
Thesis posted on 2022-03-28, 15:33, authored by Hanh Nguyen Vo
Botnets have attracted significant attention and have become a primary "platform" for attacks on the Internet. As Web 2.0 evolves, especially with social networking sites becoming a dominant medium, it is no surprise that a new type of malware, the Web 2.0 bot, rides on this new means of propagation and communication. For example, Koobface has successfully leveraged social networking websites such as Facebook and Myspace to infect millions of computers, and TwitterBot attempted to use Twitter as a C&C channel for communication. Since these are legitimate sites and the communication looks just like normal web traffic, this type of attack is difficult for current detection software to detect. In addition, Captcha used for verification can be easily bypassed by modern bots, as they employ the so-called relay attack. The relay attack uses a human to solve the challenges for the bots.

In this research, we solve the problem by presenting two systems: an API Verifier and an enhanced Captcha design. Since a bot must use an API (Application Programming Interface) to post information, the API Verifier will challenge a user with a Captcha if it detects that the API call is from a new computer. To recognize whether the API call is from a new computer, we use the Media Access Control (MAC) address of the computer, which is globally unique. Since a bot cannot solve a Captcha challenge, it will not be able to make API calls to the Web service. Our enhanced Captcha is resistant to the relay attack because we change the static answer, which is used by the majority of Captcha forms, to a dynamic one by asking the user "where" the answer is rather than "what" it is. We also employ animation with a defined delay time to prevent the human solver from telling the bot where the answer is. The systems are evaluated by operating against various attacks from a modified version of Koobface, the most popular existing Web 2.0 botnet.
The results show that Koobface bots fail to break our enhanced Captcha using relay attacks. Also, our API Verifier successfully detects requests from Koobface bots and denies their access.
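
A minimal sketch of the API Verifier flow described in the abstract, added here as an illustration and not taken from the thesis. The class, its method names and the `captcha_check` callback are assumptions, and the MAC address is whatever value the client reports.

```python
import hashlib
import hmac
import secrets


class APIVerifier:
    """Allow API calls from enrolled devices; challenge any new device with a Captcha."""

    def __init__(self, captcha_check):
        # captcha_check(challenge_id, response) -> bool is a hypothetical hook
        # into whatever Captcha service the site uses.
        self._captcha_check = captcha_check
        self._key = secrets.token_bytes(32)  # keys the stored device fingerprints
        self._known = {}    # account -> set of enrolled device fingerprints
        self._pending = {}  # challenge id -> (account, fingerprint)

    def _fingerprint(self, mac):
        # Normalise so "AA-BB-.." and "aa:bb:.." map to the same device, and
        # store a keyed hash rather than the raw client-reported address.
        norm = mac.strip().lower().replace("-", ":")
        return hmac.new(self._key, norm.encode(), hashlib.sha256).hexdigest()

    def handle_call(self, account, mac):
        """Return ("allow", None) or ("challenge", challenge_id)."""
        fp = self._fingerprint(mac)
        if fp in self._known.get(account, set()):
            return ("allow", None)
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (account, fp)
        return ("challenge", cid)

    def answer_challenge(self, cid, response):
        """Enroll the device only if the Captcha for this challenge is solved."""
        entry = self._pending.pop(cid, None)  # single use: no replay of old ids
        if entry is None or not self._captcha_check(cid, response):
            return False
        account, fp = entry
        self._known.setdefault(account, set()).add(fp)
        return True


def demo():
    # Constructed sample: one account, one constructed MAC, a stub Captcha check.
    v = APIVerifier(lambda cid, resp: resp == "solved")
    status, cid = v.handle_call("alice", "02:00:00:00:00:01")
    failed = v.answer_challenge(cid, "guess")
    _, cid2 = v.handle_call("alice", "02:00:00:00:00:01")
    passed = v.answer_challenge(cid2, "solved")
    return status, failed, passed, v.handle_call("alice", "02-00-00-00-00-01")[0]
```

Enrollment is per account, so the same device calling on behalf of a different account is challenged again.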