How malicious bots interact with an online contest with gamification : A study in methods for identifying and protecting against bots

Sammanfattning: Setting up online contests with gamification is an effective marketing method, but which brings security complications. By having rewards with high value, cheaters are attracted to participate with the use of malicious bots. To distinguish bots from humans different methods are used which are divided into Human Interactive Proof (HIP) and Human Observational Proof (HOP). This report aims to look at the effectiveness of the most popular HIPs and HOPs and how an attacker is able to bypass them. From the results, parameters that are of interest when implementing a framework to detect and prevent malicious bots, are presented. Data was collected from five honeypot systems. It is concluded that CAPTCHAs should be used as much as possible, together with HMAC and an Intrusion Detection System (IDS) based on click diversity and submissions per IP-address.