Volltext-Downloads (blau) und Frontdoor-Views (grau)

Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services

  • Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical aspects of services such as security or privacy are becoming more and more relevant for users, providers, and researchers. Due to the lack of essential data sets, automatic black box testing of online services is currently the only way for researchers to investigate these services in a methodical and reproducible manner. However, automatic black box testing of online services is difficult since many of them try to detect and block automated requests to prevent bots from accessing them. In this paper, we introduce a testing tool that allows researchers to create and automatically run experiments for exploratory studies of online services. The testing tool performs programmed user interactions in such a manner that it can hardly be distinguished from a human user. To evaluate our tool, we conducted - among other things - a large-scale research study on Risk-based Authentication (RBA), which required human-like behavior from the client. We were able to circumvent the bot detection of the investigated online services with the experiments. As this demonstrates the potential of the presented testing tool, it remains to the responsibility of its users to balance the conflicting interests between researchers and service providers as well as to check whether their research programs remain undetected.

Download full text files

Export metadata

Additional Services

Search Google Scholar


Author:Stephan Wiefling, Nils Gruschka, Luigi Lo Iacono
Descirption of the primary publication:24th Nordic Conference on Secure IT Systems (NordSec 2019), Aalborg, Denmark, November 18–20, 2019, Proceedings, Lecture Notes in Computer Science, vol. 11875
Document Type:Conference Proceeding
Date of first Publication:2019/11/18
Date of Publication (online):2019/10/30
GND-Keyword:Automation; Blackbox; Browser; Internet
Tag:Black box testing; Evaluation; Testing framework
Page Number:16
Institutes:Informations-, Medien- und Elektrotechnik (F07) / Fakultät 07 / Institut für Medien- und Phototechnik
CCS-Classification:D. Software / D.2 SOFTWARE ENGINEERING (K.6.3) / D.2.5 Testing and Debugging / Testing tools (e.g., data generators, coverage testing) (REVISED)
D. Software / D.3 PROGRAMMING LANGUAGES / D.3.3 Language Constructs and Features (E.2) / Frameworks (NEW)
H. Information Systems / H.5 INFORMATION INTERFACES AND PRESENTATION (e.g., HCI) (I.7) / H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6) / Evaluation/methodology
Dewey Decimal Classification:000 Allgemeines, Informatik, Informationswissenschaft
Open Access:Open Access
Licence (German):License LogoEs gilt das UrhG