Conference paper

Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services


Authors listWiefling, Stephan; Gruschka, Nils; Lo Iacono, Luigi

Appeared inSecure IT Systems

Editor listAskarov, Aslan; Hansen, René Rydhof; Rafnsson, Willard

Publication year2019

Pages188-203

ISBN978-3-030-35054-3

eISBN978-3-030-35055-0

DOI Linkhttps://doi.org/10.1007/978-3-030-35055-0_12

Conference24th Nordic Conference on Secure IT Systems (NordSec 2019)

Title of seriesLecture Notes in Computer Science

Number in series11875


Abstract

Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical aspects of services such as security or privacy are becoming more and more relevant for users, providers, and researchers. Due to the lack of essential data sets, automatic black box testing of online services is currently the only way for researchers to investigate these services in a methodical and reproducible manner. However, automatic black box testing of online services is difficult since many of them try to detect and block automated requests to prevent bots from accessing them.
In this paper, we introduce a testing tool that allows researchers to create and automatically run experiments for exploratory studies of online services. The testing tool performs programmed user interactions in such a manner that it can hardly be distinguished from a human user. To evaluate our tool, we conducted—among other things—a large-scale research study on Risk-based Authentication (RBA), which required human-like behavior from the client. We were able to circumvent the bot detection of the investigated online services with the experiments. As this demonstrates the potential of the presented testing tool, it remains to the responsibility of its users to balance the conflicting interests between researchers and service providers as well as to check whether their research programs remain undetected.




Citation Styles

Harvard Citation styleWiefling, S., Gruschka, N. and Lo Iacono, L. (2019) Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services, in Askarov, A., Hansen, R. and Rafnsson, W. (eds.) Secure IT Systems. Cham: Springer. pp. 188-203. https://doi.org/10.1007/978-3-030-35055-0_12

APA Citation styleWiefling, S., Gruschka, N., & Lo Iacono, L. (2019). Even Turing Should Sometimes Not Be Able to Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services. In Askarov, A., Hansen, R., & Rafnsson, W. (Eds.), Secure IT Systems. (pp. 188-203). Springer. https://doi.org/10.1007/978-3-030-35055-0_12


Last updated on 2025-05-08 at 13:51