Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration this September. Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend; however, registration IS required to gain access to the session links.

Friday, September 24 • 2:00pm - 2:30pm
Bot or human? Detecting malicious bots with machine learning in 2021

Detecting malicious bots has become an extremely complex task. Bot developers deliberately design their software to bypass bot detection systems. They attack from perfect browsers and mobile apps, using exactly the same browsers as humans, or headless browsers such as Headless Chrome. They know how to forge the attributes commonly used for bot detection: they manipulate HTTP headers (their values and their order) and alter their browser fingerprints. Bad bots are also distributed in extremely elaborate ways. Many use residential IPs with excellent reputations, and they make very few requests per IP, sometimes only one. Finally, the best bots mimic human behavior closely: for example, they can imitate realistic mouse movements and keystrokes generated with generative adversarial networks.

So what does it take to efficiently distinguish advanced bots from real humans?

This talk will reveal the inner workings of a modern bot detection engine. We will see which signals are collected and how they are enriched. We will discuss why it is mandatory to analyze both server-side and client-side signals. We will explore the challenges of authenticating good bots, and how to detect automation frameworks such as puppeteer-extra's stealth plugin, Playwright, Selenium and Headless Chrome. Finally, we will take a deep dive into machine learning approaches for bad bot detection, with a demonstration of how the respective strengths of supervised and unsupervised machine learning can be combined for maximum predictive accuracy.

1. Intro: What does a bad bot look like in 2021?
1.1. Bots use perfect browsers and apps
1.2. Bots attack from clean IP addresses
1.3. Bots run on real devices
1.4. Bots behave like humans

2. Overview of current bot detection techniques
2.1. Signals: why you need both server-side and client-side signals
2.2. IP reputation: how to extract valuable data from the humble IP address
2.3. So you say you’re Google? Authenticating good bots
2.4. Signature-based detection for simple bots
2.5. Detecting advanced bots with machine learning

3. Deep dive: Machine learning approaches for bot attack detection
3.1. Detecting proxies, forged headers, URL browsing, and more with supervised ML
3.2. Detecting Captcha farms with semi-supervised ML
3.3. Outlier detection with unsupervised ML
3.4. Detection techniques for single-request attacks

4. Feedback loops: managing false positives and preserving the human user experience
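The abstract argues that server-side signals (header values and order, IP data) and client-side signals (what the page's JavaScript observes in the browser) must be combined, and the outline promises a way to authenticate good bots such as Googlebot (2.1 and 2.3). The following is an added example illustrating both points; it is not DataDome's engine or any code from the talk. The header-order profile, the score weights, the DNS table and the sample requests are constructed for illustration, and a real engine would learn its profiles and thresholds from traffic rather than hard-code them. The Googlebot check implements forward-confirmed reverse DNS, the verification Google documents for its crawlers, with the lookups injected so the script runs offline.

```python
"""Server-side plus client-side bot signals for one request (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed profile: the relative order in which one browser family emits these
# headers. Real engines record such profiles per browser version from live traffic;
# this list is an assumption for the example, not Chrome's exact order.
CHROME_HEADER_ORDER = ["host", "connection", "sec-ch-ua", "user-agent", "accept",
                       "sec-fetch-site", "sec-fetch-mode", "sec-fetch-dest",
                       "accept-encoding", "accept-language"]

# Assumed weights: one strong signal blocks, weak ones must accumulate, so a first
# request that simply has no client-side fingerprint yet is not blocked on its own.
STRONG, WEAK, BLOCK_THRESHOLD = 1.0, 0.5, 1.0


@dataclass
class Request:
    ip: str
    headers: list[tuple[str, str]]              # as received on the wire, order preserved
    client: dict = field(default_factory=dict)  # fingerprint posted by page JS, {} if it never ran


def header(req: Request, name: str) -> Optional[str]:
    return next((v for k, v in req.headers if k.lower() == name), None)


def header_order_ok(req: Request, profile: list[str]) -> bool:
    """Headers the profile knows about must appear in the profile's relative order."""
    seen = [k.lower() for k, _ in req.headers if k.lower() in profile]
    return seen == [h for h in profile if h in seen]


def verify_googlebot(ip: str, ptr: Callable[[str], Optional[str]],
                     forward: Callable[[str], set[str]]) -> bool:
    """Forward-confirmed reverse DNS: the PTR name must be under googlebot.com or
    google.com, and that name must resolve back to the same IP. A PTR record the
    attacker controls cannot pass the second step, because Google's zone will not
    answer with the attacker's address."""
    host = ptr(ip)
    if not host or not host.endswith((".googlebot.com", ".google.com")):
        return False
    return ip in forward(host)


def classify(req: Request, ptr, forward) -> tuple[str, list[str]]:
    """Return (verdict, signals); verdict is 'good-bot', 'bad-bot' or 'human'."""
    ua = header(req, "user-agent") or ""
    signals: list[tuple[str, float]] = []
    if "Googlebot" in ua:
        if verify_googlebot(req.ip, ptr, forward):
            return "good-bot", ["googlebot-verified"]
        signals.append(("googlebot-ua-not-verified", STRONG))    # spoofed crawler UA
    if "HeadlessChrome" in ua:
        signals.append(("headless-ua", STRONG))
    if req.client.get("webdriver"):                              # navigator.webdriver === true
        signals.append(("navigator.webdriver", STRONG))
    if "Chrome" in ua:
        if not header_order_ok(req, CHROME_HEADER_ORDER):
            signals.append(("header-order-mismatch", WEAK))
        if header(req, "accept-language") is None:
            signals.append(("missing-accept-language", WEAK))
        if not req.client:
            signals.append(("no-client-side-signals", WEAK))     # page JS never executed
    score = sum(w for _, w in signals)
    return ("bad-bot" if score >= BLOCK_THRESHOLD else "human"), [n for n, _ in signals]


# Constructed DNS data (no live lookups). 198.51.100.9 is an attacker host whose PTR
# has been pointed at a Googlebot-looking name; the forward record does not confirm it.
PTR_TABLE = {"66.249.66.1": "crawl-66-249-66-1.googlebot.com",
             "198.51.100.9": "crawl-66-249-66-1.googlebot.com"}
FORWARD_TABLE = {"crawl-66-249-66-1.googlebot.com": {"66.249.66.1"}}
ptr = PTR_TABLE.get


def forward(host: str) -> set[str]:
    return FORWARD_TABLE.get(host, set())


# Constructed sample requests.
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36")
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def browser_headers(ua: str) -> list[tuple[str, str]]:
    return [("Host", "shop.example"), ("Connection", "keep-alive"),
            ("sec-ch-ua", '"Chromium";v="93"'), ("User-Agent", ua), ("Accept", "text/html"),
            ("Sec-Fetch-Site", "none"), ("Sec-Fetch-Mode", "navigate"),
            ("Sec-Fetch-Dest", "document"), ("Accept-Encoding", "gzip, deflate, br"),
            ("Accept-Language", "en-US,en;q=0.9")]


SAMPLES = {
    "human": Request("203.0.113.5", browser_headers(CHROME_UA), {"webdriver": False, "plugins": 3}),
    # Puppeteer session: perfect headers, but navigator.webdriver leaks through
    "puppeteer": Request("203.0.113.6", browser_headers(CHROME_UA), {"webdriver": True}),
    # HTTP library with a copied Chrome UA: wrong header order, no Accept-Language, no JS run
    "scraper": Request("203.0.113.7", [("Host", "shop.example"), ("User-Agent", CHROME_UA),
                       ("Accept-Encoding", "gzip, deflate"), ("Accept", "*/*"),
                       ("Connection", "keep-alive")]),
    # first page view from a real browser: fingerprint not posted yet, one weak signal only
    "first-hit": Request("203.0.113.8", browser_headers(CHROME_UA)),
    "googlebot": Request("66.249.66.1", [("Host", "shop.example"), ("User-Agent", GOOGLEBOT_UA)]),
    "fake-googlebot": Request("198.51.100.9", [("Host", "shop.example"), ("User-Agent", GOOGLEBOT_UA)]),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:15} {classify(req, ptr, forward)}")
```

Two of the sample requests show why neither signal family is enough alone: the Puppeteer session is indistinguishable server-side and is caught only by the client-side `navigator.webdriver` flag, while the scraper never runs JavaScript and is caught only by server-side header analysis. The first-hit case shows the false-positive trade-off from section 4: a lone weak signal leaves the request classified as human until more evidence arrives.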


Benjamin Fabre

CTO, DataDome
Benjamin is the CTO of DataDome, which he co-founded with Fabien Grenier in 2015. A serial entrepreneur, he has specialized over the past 15 years in scalable web infrastructures, AI-powered data stream processing and SaaS technologies. TrendyBuzz, his previous company, was acquired in 2014...

Antoine Vastel

Head of Research, DataDome
Antoine Vastel is Head of Research at DataDome, overseeing the Threat Research team. In this role, he focuses on improving DataDome's real-time bot detection engine through different approaches, such as behavioral detection, HTTP/browser fingerprinting, (residential) proxies/infected...

Friday September 24, 2021 2:00pm - 2:30pm EDT