Konferenzpaper

Erschienen in: Secure IT Systems

Herausgeberliste: Askarov, Aslan; Hansen, René Rydhof; Rafnsson, Willard

Jahr der Veröffentlichung: 2019

Seiten: 188-203

ISBN: 978-3-030-35054-3

eISBN: 978-3-030-35055-0

DOI Link: https://doi.org/10.1007/978-3-030-35055-0_12

Konferenz: 24th Nordic Conference on Secure IT Systems (NordSec 2019)

Serientitel: Lecture Notes in Computer Science

Serienzählung: 11875

Abstract: 

Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical aspects of services such as security or privacy are becoming more and more relevant for users, providers, and researchers. Due to the lack of essential data sets, automatic black box testing of online services is currently the only way for researchers to investigate these services in a methodical and reproducible manner. However, automatic black box testing of online services is difficult since many of them try to detect and block automated requests to prevent bots from accessing them.
In this paper, we introduce a testing tool that allows researchers to create and automatically run experiments for exploratory studies of online services. The testing tool performs programmed user interactions in such a manner that it can hardly be distinguished from a human user. To evaluate our tool, we conducted—among other things—a large-scale research study on Risk-based Authentication (RBA), which required human-like behavior from the client. We were able to circumvent the bot detection of the investigated online services with the experiments. As this demonstrates the potential of the presented testing tool, it remains to the responsibility of its users to balance the conflicting interests between researchers and service providers as well as to check whether their research programs remain undetected.

Harvard-Zitierstil: Wiefling, S., Gruschka, N. and Lo Iacono, L. (2019) Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services, in Askarov, A., Hansen, R. and Rafnsson, W. (eds.) Secure IT Systems. Cham: Springer. pp. 188-203. https://doi.org/10.1007/978-3-030-35055-0_12

APA-Zitierstil: Wiefling, S., Gruschka, N., & Lo Iacono, L. (2019). Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services. In Askarov, A., Hansen, R., & Rafnsson, W. (Eds.), Secure IT Systems. (pp. 188-203). Springer. https://doi.org/10.1007/978-3-030-35055-0_12