Forensics analysis of the malicious bot scrapers ecosystem

Apply

Project Description

Web scraping bots are now using so-called RESidential IP Proxy (RESIP) services to defeat state-of-the-art commercial bot countermeasures RESIP providers promise their customers to give them access to tens of millions of residential IP addresses, which belong to legitimate users. They dramatically complicate the task of the existing anti-bot solutions and give the upper hand to the malicious actors. We have developed a new technique to detect traffic coming through such proxy and, in collaboration with industrial partners, have gathered a very large datasets of such connections, and measures thereof. In this project, we want to analyse that dataset according to various view points and, in particular, we want to investigate whether it is possible to use a new multilateration algorithm that we have developed to geolocalize the malicious actors hidden behind the proxies. If successfull, this would immensely benefit the good actors trying to protect the scraped websites. This work will require strong analytical skills, rigorous mindsets and creativity. The intern will have to try to extract intelligence information from a large dataset. A desire to acquire hands on experience with big data analytics (most likely SQL based) as well with visualization techniques is a must. Python programming will most likely be required.

Program - Computer Science

Division - Computer, Electrical and Mathematical Sciences and Engineering

Faculty Lab Link - https://cemse.kaust.edu.sa/org/serber

Center Affiliation - Resilient Computing and Cybersecurity Center

Field of Study - web security

About the
Researcher

Marc Dacier

Professor, Computer Science<br/>Associate Director of Resilient Computing and Cybersecurity Center

Marc Dacier is a full professor of Computer Science (CS) and a member of the Resilience Computing and Cybersecurity research Center (RC3) at King Abdullah University of Sciences and Technology, Saudi Arabia.

Dr. Dacier obtained his Ph.D. from INPT in 1994 from his work done at LAAS, CNRS, in Toulouse (France). Since then, he has had a balanced career between industry and academia. After his thesis, he worked for one year as a security consultant in Paris, France, for France Telecom and the French ministry of interior. In 1996, he joined IBM Research in Zurich (Switzerland) to create the Global Security Analysis Laboratory (GSAL). In 2002, he became a professor at Eurecom. In 2008, he joined Symantec to build its European Research Labs. Later, he spent two years in the USA to manage all the collaborative research projects, worldwide. In that role, he was in charge of teams in France, Ireland, and in the United States. He was also the university relationship manager for Symantec Research Labs, worldwide. In 2014, he became the director of the cybersecurity research group at QCRI, in Qatar, where he lived for 3 years. In October 2017, Dr. Dacier came back to EURECOM to become the head of the Digital Security department and a full professor. An internationally recognized expert in cybersecurity, Dr. Dacier has served on more than 120 program committees of all major security and dependability conferences and as a member of the editorial board of several top-tier technical peer-reviewed journals.

Desired Project Deliverables

a platform to systematically analyse large amount of data provided to the intern must be built. It will offer a visualisation of the intelligence extracted from the data by the intern. If successful, this could lead to a scientific paper to be written for a conference dealing with security visualisation techniques.