Bots Are Fast, Humans Are Smarter—Eliminate Unwanted Traffic and Defend Against DDoS

Wednesday, 2017, August 30 - 15:4016:10

Felix Glaser, Shopify

Abstract: 

In a world with ever-growing DDoS attacks, L7 attacks give even the most experienced engineers the sweats. Imagine if instead of following easy to detect patterns, bots could mimic the behaviour of customers. Well, that’s exactly what Shopify sees every day during flash sales.

Come and learn how we block nearly all bot traffic on our load balancers without any human intervention. We will share our challenges of differentiating between web crawlers and bots, users behind NATs and bots rotating user agents, as well as fast humans and browser extensions. When the stakes are blocking a customer completing a checkout, misclassification isn’t an option.

This is not yet another machine learning talk, but an example of how simple statistics, heuristics and some sane limits can give great results with minimal complexity. The lessons learned in this talk are applicable to any real-world problem with inexact constraints.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {205492,
author = {Felix Glaser},
title = {Bots Are Fast, Humans Are Smarter{\textemdash}Eliminate Unwanted Traffic and Defend Against DDoS},
year = {2017},
address = {Dublin},
publisher = {{USENIX} Association},
}