What is Mimicked User Browsing?
A Mimicked User Browsing DDoS attack involves botnets that pose as legitimate users attempting to access a website. A sufficiently high volume of these bots will ultimately overwhelm the target website causing it to crash, or making it impossible for legitimate traffic to get through. The common motive behind such DDoS attacks may be financial or political.
What Are the Signs of a Mimicked User Browsing DDoS Attack?
Similar to other application layer DDoS attacks, Because Mimicked User Browsing is designed to replicate the activity of a legitimate human browsing, it is difficult to detect. The website will quickly become heavily loaded as the bots outnumber the actual users, making it difficult to service legitimate requests. These kinds of DDoS attacks are difficult to detect as the attacker is posing as legitimate users.
Why is Mimicked User Browsing Dangerous?
In these types of DDoS attacks, botnets are difficult to distinguish from legitimate user browsing. Mimicked User Browsing is designed to generate request traffic that closely mimics statistical metrics, making them difficult to detect and therefore difficult to prevent. As previously mentioned, these DDoS attacks are designed to overwhelm the server, rendering the website inaccessible to legitimate users.
How to Mitigate and Prevent Mimicked User Browsing
A common method used to prevent this kind of DDoS attack is to use some kind of captcha controls, displaying images or patterns which a human is capable of responding to, but a bot would struggle with.
One strategy that has been proposed for detecting mimicked user browsing is to insert a number of invisible hyperlinks into every Web page. These links would then direct traffic to a specially designated page. Since human browsers would never click on the hyperlinks since they would be invisible, only bots that are crawling the pages would go to the special page.
Other DDoS mitigation methods for mimicked user browsing involve using behavioral analysis and advanced traffic analysis to analyze the user behavior and request patterns, attempting to learn the difference between legitimate user behavior and the bot attacks.
How can NETSCOUT help?
NETSCOUT's Arbor DDoS solution has been protecting the world's largest and most demanding networks from DDoS attacks for more than a decade. We strongly believe that the best way to protect your resources from modern DDoS attacks is through a multi-layer deployment of purpose-built DDoS mitigation solutions.
Only with a tightly integrated, multi-layer defense can you adequately protect your organization from the full spectrum of DDoS attacks.
Arbor SP/Threat Mitigation System
NETSCOUT customers enjoy a considerable competitive advantage by getting both a micro view of their own network, via our products, combined with a macro view of global Internet traffic, via NETSCOUT Omnis Threat Horizon, an interface to our ATLAS threat intelligence and a DDoS Attack Map visualization.
Related Resources
Application Layer Attack
Looking for more information about application layer DDoS attacks? You’ve come to the right place. Get the information you need to keep your network safe.
Digital Attack Map
Click here to view a live global map of DDoS attack activity through NETSCOUT Omnis Threat Horizon.
ASERT Blog
Read the latest news and insights from NETSCOUT’s world-class security researchers and analysts.