A polymorphic code generation engine with obfuscation techniques for protecting web bot attacks

A polymorphic code generation engine with obfuscation techniques for protecting web bot attacks

연구 분야: Analysis

학회: Iran Journal of Computer Science

Web traffic is increasingly dominated by automated programs known as web bots, which pose significant threats to the security and privacy of web applications. These bots autonomously navigate websites, post unsolicited comments, and automatically fill out web forms, contributing to a rise in cybercrimes, such as unauthorized web scraping and online ticket fraud. Traditional defense mechanisms like CAPTCHA are widely used to counter these threats; however, they often require users to solve complex challenges, reducing usability and remaining vulnerable to advanced bot attacks. This paper proposes a novel polymorphic web code generation engine designed to defend against web bot attacks by dynamically rewriting webpage content on each request. Sensitive elements, including email addresses and HTML input fields, are obfuscated using a multi-layered strategy that incorporates webpage minification, dead code insertion via dynamic opaque predicates, and a randomized sequence of 16 obfuscation functions. By ensuring that every webpage render produces a unique code structure, the proposed approach significantly hinders bots' ability to parse and exploit web content. Experimental evaluations conducted on multiple open-source and proprietary web platforms demonstrate that the proposed method outperforms traditional CAPTCHA-based and behavior-based defenses. Statistical analysis shows a reduction in successful bot attacks by up to 92.3%, with a server response time overhead of less than 12%, thereby enhancing security without compromising user experience. These results underscore the effectiveness of the polymorphic code generation engine as a scalable, low-overhead solution for mitigating web bot threats and strengthening overall web application security.