What is Mimicked User Browsing?
A Mimicked User Browsing DDoS attack involves botnets that pose as legitimate users attempting to access a website. A sufficiently high volume of these bots will ultimately overwhelm the target website causing it to crash, or making it impossible for legitimate traffic to get through. The common motive behind such DDoS attacks may be financial or political.
What Are the Signs of a Mimicked User Browsing Attack?
Similar to other application layer DDoS attacks, Because Mimicked User Browsing is designed to replicate the activity of a legitimate human browsing, it is difficult to detect. The website will quickly become heavily loaded as the bots outnumber the actual users, making it difficult to service legitimate requests. These kinds of attacks are difficult to detect as the attacker is posing as legitimate users.
Why is Mimicked User Browsing Dangerous?
In these types of attacks, botnets are difficult to distinguish from legitimate user browsing. Mimicked User Browsing is designed to generate request trafﬁc that closely mimics statistical metrics, making them difficult to detect and therefore difficult to prevent. As previously mentioned, these attacks are designed to overwhelm the server, rendering the website inaccessible to legitimate users.
How to Mitigate and Prevent Mimicked User Browsing
A common method used to prevent this kind of attack is to use some kind of captcha controls, displaying images or patterns which a human is capable of responding to, but a bot would struggle with.
One strategy that has been proposed for detecting mimicked user browsing is to insert a number of invisible hyperlinks into every Web page. These links would then direct traffic to a specially designated page. Since human browsers would never click on the hyperlinks since they would be invisible, only bots that are crawling the pages would go to the special page.
Other DDoS mitigation methods for mimicked user browsing involve using behavioral analysis and advanced traffic analysis to analyze the user behavior and request patterns, attempting to learn the difference between legitimate user behavior and the bot attacks.