About 50 percent of all internet traffic each year involves bots. Bots are pieces of software that automate tasks that run on the internet. With the addition of artificial intelligence (AI), automation and machine learning, bots are becoming more intelligent and humanlike. They can learn and adapt and increasingly are able to mimic real users, thus getting harder to detect. Black hat hackers are using bots to do their dirty work. White hat hackers are using them to assist in uncovering attacks, as well as defending networks from intruders with the use of data analytic tools and techniques.
Good bot examples
- Web crawlers index Google and Bing search engines.
- Chatbots (Google Now, Alexa, Siri and web site bots) uses voice queries or texts to answer questions, provide recommendations and perform commands. They utilize AI and machine learning to provide interactions with students, customers, etc. When a chatbot is not able to help, the request is forwarded to a real human.
- Threat hunters help cybersecurity professionals uncover threats from large amounts of data, such as logs and network traffic data. There is so much data available to cyber professionals today that data science processes and tools are being used in cybersecurity in highly effective ways to help defend and prevent attacks from happening in the first place.
Bad bot examples
- Impersonators use brute force and other techniques to log in to systems.
- Scrapers are used to steal or copy content.
- AI probes for open ports, outdated services, unpatched vulnerable systems, etc.
- Botnets overload websites/networks with traffic (Distributed Denial of Service or DDoS), steal information, send spam, etc. A botnet is a network of internet connected devices such as clients, servers and increasingly, Internet of Things (IoT) devices that coordinate to attack organizations and systems. They can be delivered to systems through spam, phishing attacks and other techniques. Hackers can control a botnet once it is installed on a system and create havoc.
- Vulnerability hunters try to exploit apps, systems, plugins or content management systems.
So, how do you protect and defend your network from them? One technique is to use web application firewalls (WAF) to help filter out unwanted bots. A WAF looks at several key things such as user agents, geolocation enforcement, limiting sessions and login attempts. Another technique is to employ intrusion detection systems and fine tune its setup. None of these techniques are 100 percent effective. Bots today are employing AI and machine learning. They can look like valid users and are able to avoid detection.
So, how can you create good bots? Try Robotic Process Automation (RPA). This tool allows employees to create bots to automate repetitive tasks. It can help you capture data, process transactions and communicate with other systems. On a PDF form, a bot can interpret the information and add it to the existing database automatically. For good or bad, bots are here to stay, and their proliferation is most certainly assured.
Dr. Keith Morneau is dean of ECPI University’s Computer and Information Science program. He can be reached at 703-330-5300 ext. 55253 or at KMorneau@ecpi.edu.
