Conference paper
Authors list: Wiefling, Stephan; Gruschka, Nils; Lo Iacono, Luigi
Appeared in: Secure IT Systems
Editor list: Askarov, Aslan; Hansen, René Rydhof; Rafnsson, Willard
Publication year: 2019
Pages: 188-203
ISBN: 978-3-030-35054-3
eISBN: 978-3-030-35055-0
DOI Link: https://doi.org/10.1007/978-3-030-35055-0_12
Conference: 24th Nordic Conference on Secure IT Systems (NordSec 2019)
Title of series: Lecture Notes in Computer Science
Number in series: 11875
Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical aspects of services such as security or privacy are becoming more and more relevant for users, providers, and researchers. Due to the lack of essential data sets, automatic black box testing of online services is currently the only way for researchers to investigate these services in a methodical and reproducible manner. However, automatic black box testing of online services is difficult since many of them try to detect and block automated requests to prevent bots from accessing them.
Abstract:
In this paper, we introduce a testing tool that allows researchers to create and automatically run experiments for exploratory studies of online services. The testing tool performs programmed user interactions in such a manner that it can hardly be distinguished from a human user. To evaluate our tool, we conducted—among other things—a large-scale research study on Risk-based Authentication (RBA), which required human-like behavior from the client. We were able to circumvent the bot detection of the investigated online services with the experiments. As this demonstrates the potential of the presented testing tool, it remains to the responsibility of its users to balance the conflicting interests between researchers and service providers as well as to check whether their research programs remain undetected.
Citation Styles
Harvard Citation style: Wiefling, S., Gruschka, N. and Lo Iacono, L. (2019) Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services, in Askarov, A., Hansen, R. and Rafnsson, W. (eds.) Secure IT Systems. Cham: Springer. pp. 188-203. https://doi.org/10.1007/978-3-030-35055-0_12
APA Citation style: Wiefling, S., Gruschka, N., & Lo Iacono, L. (2019). Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services. In Askarov, A., Hansen, R., & Rafnsson, W. (Eds.), Secure IT Systems. (pp. 188-203). Springer. https://doi.org/10.1007/978-3-030-35055-0_12