What is bot detection? | How to detect & block bad bots

Bot detection is the process of distinguishing between bot and human activity, as well as between malicious and legitimate bots. It is the first step in bot mitigation.

Bots can generate over 50% of the traffic to your website. Some bots enhance the user journey. These include responsive chatbots, search engine web crawlers, and bots that test and monitor website performance.

But the majority of bots are bad for business. Malicious bots can execute automated attacks against web and mobile applications, and APIs. These include account takeover (ATO), credential stuffing and carding attacks. Bots can also create fake accounts, hoard and scalp your inventory, scrape product and pricing information.

Website owners must accurately detect and mitigate bad bots, without impacting user experience. This is essential to protecting brand reputation and revenue, optimizing efficiency and maintaining user loyalty.

Bot detection works by recognizing markers of bad bots, including requests originating from malicious domains and patterns of behavior exhibited. Bots engage with web and mobile applications, and APIs in distinct ways from humans. Establishing a baseline of normal human web activity and recognizing anomalous behavior from incoming traffic is at the core of effective bot detection.

Here are some characteristics to look at to detect malicious bots:

• Volume and Rate of Activity: Bot traffic may flood a website in large volumes. Unlike human end users, bots can view a massive volume of pages virtually instantaneously and move through multiple pages quickly. Humans, on the other hand, interact with a page in many ways and click at a moderate pace.
• Session Duration: The duration of human sessions is fairly consistent, but bots exhibit more varied view times. Bot sessions are often much shorter or much longer than human sessions. Brief crawling sessions typically entail visiting a page and then immediately leaving it. Other bot sessions last far longer than human traffic, usually indicating that a bot is browsing the site very slowly.
• Origin of Traffic: Malicious traffic may originate from regions different from where your customers usually live. It is especially suspicious if the traffic comes from a geography that uses a language unfamiliar to your typical client base.
• Unusual Behavior: Malicious bot traffic can also be detected by increases in unusual customer activity. Cyberattacks from bad actors reveal themselves through surges in end user login failures and password resets, failed transactions and high volume new account creations.

Bot detection is important because it allows for effective bot mitigation, which is crucial to protecting online businesses’ revenue and reputation. Leveraging an accurate bot detection solution has several key benefits:

• Prevents financial losses: Successful bot attacks can cause large financial losses due to refunds, chargebacks, lawsuits, regulatory fines and decreased stock value. And the damage to brand reputation can negatively impact long-term growth and profits.
• Protects brand reputation and consumer trust: If bot traffic goes undetected, it can result in ATO, credential stuffing and carding attacks that steal value from your users and expose their personal information. This can lead to angry customers and bad press, which negatively impacts brand reputation and consumer trust. Having a bot detection solution in places gives users confidence that their identities and accounts will be safe on your site.
• Ensures accurate analytics: High volumes of bot traffic — both legitimate and malicious — can lead businesses to falsely categorize their website activity and result in poor business decisions about pricing, stocking goods, and investing in marketing and advertising.  By distinguishing human activity from bots, businesses can make good strategic decisions based on accurate numbers for real human visitors.
• Maintains website performance and preserves user experience: Bot traffic can tax your infrastructure and compromise website performance. Longer page load times frustrate human users, driving them to your competitors. Blocking bots, without increasing latency, helps your website run smoothly and preserves user experience.

Here are a few techniques that bot management solutions may employ to detect bad bots on web and mobile applications, and APIs:

• Fingerprinting: Fingerprinting is the process of analyzing information to detect the software, network protocols, operating systems, or hardware devices from which a request originates. This allows security solutions to identify traffic coming from malicious sources.
• Verification challenges: Website owners can deploy challenge problems that only humans can solve. A CAPTCHA is a common example of this verification process. But CAPTCHA tests disrupt the user journey, frustrate human users and drive abandonment.
  CAPTCHA tests also cannot guarantee protection because today’s sophisticated bots can easily solve CAPTCHAs. Alternatively, cybercriminals can leverage inexpensive CAPTCHA-solving farms. Human Challenge, an alternative human verification, preserves user experience by weeding out bad bots with a single click.
• Honeypots: Honeypots are traps designed to trick a bot into revealing itself. An example is adding a hidden HTML input element to a page that legitimate human users can’t see. So, if a user accesses the element, you can be sure it’s a bot. Another technique is to stack two clickable elements in the same place on a page. Human users can only click on the upper element, while bots will click on both.
• Behavioral Analysis: Modern solutions take a behavior-based approach to bot management. Machine learning systems closely study all user behaviors and compare bot behaviors with those of legitimate human users. This technology spots small anomalies in user patterns including on page behavior, network signature and client and browser versions.
  By studying hundreds of variables, machine learning systems can identify even the most sophisticated attacks which would be invisible to human inspection. This can be used as a constant feedback and learning tool, continuously updating a dataset of attack patterns, based on hundreds of billions of interactions with web, mobile applications, and APIs.

After detecting bad bots, here are a few ways to manage the malicious traffic:

• Rate-limit with a WAF: Websites can leverage web application firewalls (WAFs) to set rate limits for actions like credit card inputs and login attempts. Rate limiting won’t stop an attack, but it will slow it down so website owners can intervene.
  While WAFs are a good foundation, they are not enough to block bots alone. Advanced bots can get past WAFs by mirroring user behavior and rotating through many different IP addresses to bypass IP-bases rules. These evasive bots can comprise more than 65% of all bad bots.
• Require proof of work: Proof of work (PoW) requires a user’s device to solve a computational challenge before executing an action, such as logging into an account or completing a transaction. This consumes a lot of energy and CPU cycles when multiple bots try to complete an action simultaneously from a single device. PoW places a cost burden on attackers, and they lose incentive to return to the website.
• Block or redirect traffic: Website owners can block bot access using block pages, redirect the malicious traffic or block the internet address responsible for the bot traffic.

The Human Defense Platform offers a suite of bot management solutions that use a combination of intelligent fingerprinting, behavioral analysis, and pattern recognition to detect and mitigate bad bots with unparalleled accuracy. These include Account Takeover Defense, Transaction Abuse Defense, Scraping Defense, Fake Account Defense, Ad Fraud Defense, and Data Contamination Defense. The machine learning system identifies bots in real-time on web and mobile apps, and APIs.

HUMAN’s bot management solutions are designed for low latency, functioning out-of-band so it does not impact application performance. The solution easily integrates with any infrastructure, including CDNs, web servers, middleware. This optimizes security resources and infrastructure costs, and enables your team to focus on innovation and growth instead of catching malicious bots.

What does CAPTCHA mean? | How CAPTCHAs work

What is account takeover? | How to detect & stop it

Carding: what it is and how to prevent it

What is scraping? | Protection from web scraping & data scraping

What is bot mitigation? | 4 types of bots & botnets | How to stop bots