Paper accepted at ESORICS 2022
23 July 2022, by Mathias Fischer

Photo: https://esorics2022.compute.dtu.dk/
Our paper entitled “Introducing polymorphic protocols to limit the influence of web bots” was accepted for publication at the 27th European Symposium on Research in Computer Security (ESORICS 2022).
In this paper, we present an approach to combat the cost-efficient duplication of bots that can be applied with low performance and organizational overhead.
We will present our results at the conference in Copenhagen in September 2022 and seek an exchange with international researchers.
Paper Abstract:
Unwanted automation of network services by web robots (bots) increases the operation costs and affects the satisfaction of human users, e.g., in online games or social media. Bots impact the revenue of service providers and can damage society by spreading false information.
While a few bots are usually not a problem, a large number is. Thus, we focus on bots that directly use a service's application protocol, as they are the most efficient and easiest to scale.
Current solutions such as registration with personal data or CAPTCHAs are frustrating for users or can be easily overcome. Anti-reverse engineering and digital rights management solutions that impede bot creation, e.g., unique client specific API keys, are only effective for the first bot.
Therefore, we present an obfuscation approach inspired by polymorphic malware and censorship resistance to increase the costs of duplicating bots for an attacker.
Our approach is called polymorphic protocols and enables each client of a service to use its own application protocol for communication. Therefore, a bot creator is forced to extract and reimplement a new protocol from a valid client for each bot that is created.
We integrate our approach into an existing ecosystem and implement the approach for Protobuf and Java. The results show that the overhead for service providers and users is low, depending on the deployment and chosen protocol configuration, while increasing the cost for an attacker for scaling bots.
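As an added illustration of the idea in the abstract (this is not the paper's Protobuf/Java implementation or the authors' code), a toy per-client protocol variant in Python: the server derives each client's own field tags and field order from a server secret and the client id, so the same logical message serialises differently for every client, and a blob captured from one client does not parse under another client's session. The schema, server secret and client ids are constructed for the example.

```python
import hashlib, hmac, random
# Logical message schema shared by every client (constructed toy game protocol).
SCHEMA = ("player_id", "action", "x", "y")

def derive_variant(server_secret: bytes, client_id: str) -> dict:
    """Per-client protocol variant: own field tags (from 1..126) and own field order."""
    seed = hmac.new(server_secret, client_id.encode(), hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))  # deterministic per client
    tags = rng.sample(range(1, 127), len(SCHEMA))
    order = rng.sample(SCHEMA, len(SCHEMA))
    return {"tag": dict(zip(SCHEMA, tags)), "order": order}

def _varint(n: int) -> bytes:
    """Protobuf-style base-128 varint, least significant group first."""
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)

def _read_varint(buf: bytes, pos: int):
    result = shift = 0
    while True:
        b = buf[pos]
        result |= (b & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not b & 0x80:
            return result, pos

def encode(variant: dict, msg: dict) -> bytes:
    """Serialise msg the way this one client speaks: its tags, in its field order."""
    out = bytearray()
    for name in variant["order"]:
        out += _varint(variant["tag"][name]) + _varint(msg[name])
    return bytes(out)

def decode(variant: dict, data: bytes):
    """Server side: parse data under the session's variant; None if it does not fit."""
    name_of = {t: n for n, t in variant["tag"].items()}
    msg, pos = {}, 0
    try:
        while pos < len(data):
            tag, pos = _read_varint(data, pos)
            value, pos = _read_varint(data, pos)
            msg[name_of[tag]] = value  # KeyError: tag never issued to this client
    except (KeyError, IndexError):
        return None
    return msg if set(msg) == set(SCHEMA) else None
```

A real deployment would vary more than tags and order (field encodings, framing, dummy fields), but the server-side pattern is the same: re-derive the variant for the authenticated session and reject anything that does not parse under it.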