Bot Detection by Prophaze WAF

Bad Bots are the source of malware that makes identifying and removing them is critical.

A key security priority for any business with an online presence should be the Bot Detection. Today’s online businesses face most serious security threats are because of the Malicious bots (one-third of total web traffic globally). Bot developers are continuously finding new ways to evade the bot detection features of standard security solutions. They begin to make use of artificial intelligence. Without truly specialized knowledge and artificial intelligence, efficient bot detection will be quite difficult.

Botnet detection can be considered as a challenging issue because adversaries are persistently improving bots to create them stealthier. Since existing anomaly-based detection mechanisms are too heavy or generate non-negligible amount of false alarms, they are not sufficient to defend sophisticated botnets.Tracing attack sources is hardly achieved by existing mechanisms due to the pervasive use of source concealment techniques, such as an IP spoofing and a malicious proxy.

Detect Bot Traffic in Web Analytics

Some parameters you can use manually to check your web analytics, to detect bot traffic hitting a website:

  • Traffic trends: the abnormal spikes in traffic might indicate bots hitting the site. This is particularly true if the traffic occurs during odd hours.

  • Bounce rate: abnormal highs and lows may be a sign of bad bots. Example, bots that hit a specific page on the site and then switch IP will appear to have 100% bounce.

  • Traffic sources: On malicious attack, the primary channel sending traffic is “direct” traffic and the traffic will consist of new users and sessions.

  • Server performance: a slowdown in server performance may be a hint of bots.

  • Suspicious IPs/geo-locations: an activity increment to an unknown IP range or to a region you don’t have business/ offices. A big number of suspicious hits from a single IP because bots will often request all pages instead of selective ones.

  • Language sources: seeing hits from other languages your customers do not typically use.

The above mentioned can be considered as the indicators of bot activity. Be aware that sophisticated malicious bots can generate a realistic, user-like signature in your web analytics. It would be better to use a dedicated bot management solution which offers the full bot traffic visibility.

Read more on Advanced Mitigation