Nicht aus der Schweiz? Besuchen Sie lehmanns.de
The Reign of Botnets - David Senecal

The Reign of Botnets

Defending Against Abuses, Bots and Fraud on the Internet

(Autor)

Buch | Softcover
256 Seiten
2024
John Wiley & Sons Inc (Verlag)
978-1-394-26241-0 (ISBN)
CHF 54,10 inkl. MwSt
A top-to-bottom discussion of website bot attacks and how to defend against them

In The Reign of Botnets: Defending Against Abuses, Bots and Fraud on the Internet, fraud and bot detection expert David Senecal delivers a timely and incisive presentation of the contemporary bot threat landscape and the latest defense strategies used by leading companies to protect themselves. The author uses plain language to lift the veil on bots and fraud, making a topic critical to your website's security easy to understand and even easier to implement.

You'll learn how attackers think, what motivates them, how their strategies have evolved over time, and how website owners have changed their own behaviors to keep up with their adversaries. You'll also discover how you can best respond to patterns and incidents that pose a threat to your site, your business, and your customers.

The book includes:



A description of common bot detection techniques exploring the difference between positive and negative security strategies and other key concepts
A method for assessing and analyzing bot activity, to evaluate the accuracy of the detection and understand the botnet sophistication
A discussion about the challenge of data collection for the purpose of providing security and balancing the ever-present needs for user privacy

Ideal for web security practitioners and website administrators, The Reign of Botnets is the perfect resource for anyone interested in learning more about web security. It's a can't-miss book for experienced professionals and total novices alike.

David Sénécal is a Principal Product Architect at Akamai Technologies, leading a team of researchers, developers, and data scientists to build the next generation of fraud and abuse products. He has over twenty years of experience in network and web security and has dedicated the last 14 years to building bot management products. He’s a regular blogger and speaker at events like the OWASP Global Appsec conference. He was integrally involved in the development and maturation of the bot management concept in the cybersecurity industry.

Introduction xvii Chapter 1 A Short History of the Internet 1

From ARPANET to the Metaverse 2

The Different Layers of the Web 7

The Emergence of New Types of Abuses 9

The Proliferation of Botnets 11

Quantifying the Bot Traffic Volume on the Internet 14

Botnets Are Unpredictable 16

Bot Activity and Law Enforcement 18

Summary 19

Chapter 2 The Most Common Attacks Using Botnets 21

Account Takeover 22

Data Harvesting 23

Credential Harvesting 26

Account Takeover 31

Targeted ATO Attacks 34

A Credential Stuffing Attack Example 35

Account Opening Abuse 38

The Tree Hiding the Forest 39

Fraud Ring 41

Web Scraping 48

The Intent Behind Scraping by Industry 49

Good Bot Scraping 51

Inventory Hoarding 53

Business Intelligence 55

Scalping: Hype Events 58

Online Sales Events Mania and Scalping 58

The Retailer Botnet Market 59

Anatomy of a Hype Event 61

Carding Attacks 64

Gift Cards 65

Credit Card Stuffing 66

Spam and Abusive Language 66

Summary 67

Chapter 3 The Evolution of Botnet Attacks 69

Incentive vs. Botnet Sophistication 70

HTTP Headers 101 71

Common HTTP Headers 71

Legitimate Browser Signatures 74

Header Signatures from Bot Requests 75

The Six Stages of a Botnet Evolution 77

Stage 1: Deploy the Botnet on a Handful of Nodes Running a Simple Script 77

Stage 2: Scale the Botnet and Impersonate the Browsers' Header Signatures 79

Stage 3: Reverse Engineer JavaScript and Replay Fingerprints 80

Stage 4: Force the Web Security Product to Fail Open 81

Stage 5: Upgrade the Botnet to a Headless Browser 82

Stage 6: Resort to Human/Manual Attack 84

Botnets with CAPTCHA-Solving Capabilities 85

Human-Assisted CAPTCHA Solver 85

Computer Vision 88

The CAPTCHA Solver Workflow 88

AI Botnets 89

The Botnet Market 91

Summary 93

Chapter 4 Detection Strategy 95

Data Collection Strategy 96

Positive vs. Negative Security 98

The Evolution of the Internet Ecosystem 99

The Evolution of Detection Methods 100

Interactive Detection 100

Transparent Detection 103

The State of the Art 106

Transparent Detection Methods 108

Good Bot Detection 109

Good Bot Categories 111

IP Intelligence 115

Cookie Handling 118

JavaScript Execution Handling 119

Device Intelligence 120

Proof of Work 123

Behavioral Biometric Detection 125

Headless Browser Detection 128

User-Behavior Anomaly Detection 130

Email Intelligence 135

Advanced PII Data Assessment 140

Risk Scoring 142

Formula 143

Consuming the Risk Score 144

Summary 145

Chapter 5 Assessing Detection Accuracy 147

Prerequisites 148

High-Level Assessment 149

Website Structure 150

Website Audience 151

Types of Clients 151

Assessing the Shape of the Traffic 152

Quantitative Assessment (Volume) 155

Feedback Loop 156

Response Strategy Assessment 158

Low-Level Assessment 158

IP Intelligence 159

Device Intelligence 163

Assessment Guidelines 168

Identifying Botnets 170

Botnet Case Study 173

The Evening Crawler 174

The Sprint Scraper 175

The Night Crawler 176

The Cloud Scraper 177

Summary 177

Chapter 6 Defense and Response Strategy 179

Developing a Defense Strategy 180

Do-It-Yourself 180

Buying a Bot Management Product from a Vendor 182

Defense in Depth 184

Technology Stack to Defend Against Bots and Fraud 186

Detection Layer to Protect Against Bot Attacks 186

Detection Layer to Protect Against Online Fraud 188

Response Strategies 189

Simple Response Strategies 190

Advanced Response Strategies 191

Operationalization 193

Mapping a Response Strategy to a Risk Category 193

Preparing for Special Events 195

Defending Against CAPTCHA Farms 196

Summary 197

Chapter 7 Internet User Privacy 199

The Privacy vs. Security Conundrum 199

The State of Privacy and Its Effect on Web Security 201

IP Privacy 201

Cookie Tracking Prevention 204

Anti-fingerprinting Technology 206

The Private Access Token Approach 213

The High-Level Architecture 214

The PAT Workflow 214

PAT Adoption 216

Summary 218

References 219

Index 223

Erscheinungsdatum
Reihe/Serie Tech Today
Verlagsort New York
Sprache englisch
Maße 185 x 234 mm
Gewicht 363 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-394-26241-8 / 1394262418
ISBN-13 978-1-394-26241-0 / 9781394262410
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
CHF 48,95

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
CHF 39,20