{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T08:23:43Z","timestamp":1771230223909,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678918","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"166-180","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Encrypted Endpoints: Defending Online Services from Illegitimate Bot Automation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9588-7096","authenticated-orcid":false,"given":"Richard August","family":"See","sequence":"first","affiliation":[{"name":"Universit\u00e4t Hamburg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-5377-6541","authenticated-orcid":false,"given":"Kevin","family":"R\u00f6bert","sequence":"additional","affiliation":[{"name":"Universit\u00e4t Hamburg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6254-8288","authenticated-orcid":false,"given":"Mathias","family":"Fischer","sequence":"additional","affiliation":[{"name":"Universit\u00e4t Hamburg, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2021. Humanity Wastes about 500 Years per Day on CAPTCHAs. It\u2019s Time to End This Madness. http:\/\/blog.cloudflare.com\/introducing-cryptographic-attestation-of-personhood\/"},{"key":"e_1_3_2_2_2_1","unstructured":"2022. 2022 Bad Bot Report | Evasive Bots Drive Online Fraud | Imperva. https:\/\/www.imperva.com\/resources\/resource-library\/reports\/bad-bot-report\/"},{"key":"e_1_3_2_2_3_1","unstructured":"2022. Facebook Gets Round Tracking Privacy Measure by Encrypting Links. https:\/\/www.malwarebytes.com\/blog\/news\/2022\/07\/facebook-gets-round-tracking-privacy-measure-by-encrypting-links"},{"key":"e_1_3_2_2_4_1","unstructured":"2023. Intel\u00ae Advanced Encryption Standard Instructions (AES-NI). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/advanced-encryption-standard-instructions-aes-ni.html"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TBIOM.2021.3112540"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2014.10.009"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101635"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_2_9_1","volume-title":"Social bots distort the 2016 US Presidential election online discussion. First monday 21, 11-7","author":"Bessi Alessandro","year":"2016","unstructured":"Alessandro Bessi and Emilio Ferrara. 2016. Social bots distort the 2016 US Presidential election online discussion. First monday 21, 11-7 (2016)."},{"key":"e_1_3_2_2_10_1","unstructured":"BinBashBanana. 2024. BinBashBanana\/html-obfuscator. https:\/\/github.com\/BinBashBanana\/html-obfuscator original-date: 2020-04-22T00:23:10Z."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2010.89"},{"key":"e_1_3_2_2_12_1","unstructured":"Christian Collberg. 2001. the tigress c obfuscator. Retrieved 2021-12-07 from https:\/\/tigress.wtf\/about.html"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0026"},{"key":"e_1_3_2_2_14_1","first-page":"78","article-title":"Prevent XPath and CSS Based Scrapers by Using Markup","volume":"5","author":"Diab Ahmed","year":"2018","unstructured":"Ahmed Diab and Tawfiq Barhoum. 2018. Prevent XPath and CSS Based Scrapers by Using Markup Randomizer.Int. Arab. J. e Technol. 5, 2 (2018), 78\u201387.","journal-title":"Randomizer.Int. Arab. J. e Technol."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"R Fielding M Nottingham and J Reschke. 2022. RFC 9110: HTTP Semantics.","DOI":"10.17487\/RFC9110"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Roy Fielding and Julian Reschke. 2014. RFC 7231: Hypertext Transfer Protocol (HTTP\/1.1): semantics and content.","DOI":"10.17487\/rfc7231"},{"key":"e_1_3_2_2_18_1","unstructured":"Nick Heath. 2010. Expedia on how one extra data field can cost $12m. https:\/\/www.zdnet.com\/article\/expedia-on-how-one-extra-data-field-can-cost-12m\/. Accessed: 2021-10-18."},{"key":"e_1_3_2_2_19_1","volume-title":"RAID","author":"Hossen Md\u00a0Imran","year":"2020","unstructured":"Md\u00a0Imran Hossen, Yazhou Tu, Md\u00a0Fazle Rabby, Md\u00a0Nazmul Islam, Hui Cao, and Xiali Hei. 2020. An Object Detection based Solver for { Google\u2019s} Image { reCAPTCHA} v2. In RAID 2020. 269\u2013284."},{"key":"e_1_3_2_2_20_1","unstructured":"Apple Inc. [n. d.]. Replace CAPTCHAs with Private Access Tokens - WWDC22 - Videos. https:\/\/developer.apple.com\/videos\/play\/wwdc2022\/10077\/"},{"key":"e_1_3_2_2_21_1","unstructured":"ProtWare Inc.[n. d.]. Encrypt HTML source Javascript ASP. Protect links & images. HTML encryption. https:\/\/www.protware.com\/"},{"key":"e_1_3_2_2_22_1","unstructured":"Jscrambler. [n. d.]. Webpage Integrity: Manage Third-party Risks. https:\/\/jscrambler.com\/webpage-integrity"},{"key":"e_1_3_2_2_23_1","unstructured":"Timofey Kachalov. [n. d.]. javascript-obfuscator\/javascript-obfuscator: A powerful obfuscator for JavaScript and Node.js. https:\/\/github.com\/javascript-obfuscator\/javascript-obfuscator"},{"key":"e_1_3_2_2_24_1","unstructured":"Albert Koczy. 2023. Mitmproxy2swagger. https:\/\/github.com\/alufers\/mitmproxy2swagger"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11831-021-09608-4"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2014.17"},{"key":"e_1_3_2_2_27_1","unstructured":"Wei Liu. 2018. Introducing reCAPTCHA v3: the new way to stop bots. https:\/\/developers.google.com\/search\/blog\/2018\/10\/introducing-recaptcha-v3-new-way-to. Accessed: 2021-05-20."},{"key":"e_1_3_2_2_28_1","unstructured":"Intuition Machines. 2018. Stop more bots. Start protecting user privacy.https:\/\/www.hcaptcha.com\/. Accessed: 2021-05-20."},{"key":"e_1_3_2_2_29_1","unstructured":"Genesis Mobile. [n. d.]. JavaScript Obfuscator - Protect your JavaScript Code. https:\/\/jasob.com\/"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00065"},{"key":"e_1_3_2_2_31_1","volume-title":"Proceedings of W2SP 2012","author":"Mowery Keaton","year":"2012","unstructured":"Keaton Mowery and Hovav Shacham. 2012. Pixel perfect: Fingerprinting canvas in HTML5. Proceedings of W2SP 2012 (2012)."},{"key":"e_1_3_2_2_32_1","volume-title":"European Symposium on Research in Computer Security. Springer, 106\u2013124","author":"Fritz Leon","year":"2022","unstructured":"August See, Leon Fritz, and Mathias Fischer. 2022. Polymorphic Protocols at the Example of Mitigating Web Bots. In European Symposium on Research in Computer Security. Springer, 106\u2013124."},{"key":"e_1_3_2_2_33_1","volume-title":"IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 73\u201386","author":"Wingarz Tatjana","year":"2023","unstructured":"August See, Tatjana Wingarz, Matz Radloff, and Mathias Fischer. 2023. Detecting Web Bots via Mouse Dynamics and Communication Metadata. In IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 73\u201386."},{"key":"e_1_3_2_2_34_1","unstructured":"see-aestas. 2020. Charles-Extractor. https:\/\/github.com\/see-aestas\/Charles-Extractor"},{"key":"e_1_3_2_2_35_1","volume-title":"I am robot:(deep) learning to break semantic image captchas. In 2016 IEEE EuroS&P","author":"Sivakorn Suphannee","unstructured":"Suphannee Sivakorn, Iasonas Polakis, and Angelos\u00a0D Keromytis. 2016. I am robot:(deep) learning to break semantic image captchas. In 2016 IEEE EuroS&P. IEEE, 388\u2013403."},{"key":"e_1_3_2_2_36_1","unstructured":"VMProtect Software. 2021. VMProtect Software Protection. Retrieved 2021-12-07 from https:\/\/vmpsoft.com\/"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107074"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2019.8885094"},{"key":"e_1_3_2_2_39_1","unstructured":"Oreans Technologies. 2022. Oreans Technologies : Software Security Defined.https:\/\/www.oreans.com\/Themida.php Accessed 2021-12-07."},{"key":"e_1_3_2_2_40_1","volume-title":"Nomad: Towards non-intrusive moving-target defense against web bots","author":"Vikram Shardul","year":"2013","unstructured":"Shardul Vikram, Chao Yang, and Guofei Gu. 2013. Nomad: Towards non-intrusive moving-target defense against web bots. In CNS. IEEE, 55\u201363."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950352"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-31456-9_43"},{"key":"e_1_3_2_2_43_1","volume-title":"Eighteenth Symposium on Usable Privacy and Security (SOUPS","author":"Whalen Tara","year":"2022","unstructured":"Tara Whalen, Thibault Meunier, Mrudula Kodali, Alex Davidson, Marwan Fayed, Armando Faz-Hern\u00e1ndez, Watson Ladd, Deepak Maram, Nick Sullivan, Benedikt\u00a0Christoph Wolters, 2022. Let The Right One In: Attestation as a Usable { CAPTCHA} Alternative. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). 599\u2013612."},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461002"},{"key":"e_1_3_2_2_45_1","unstructured":"Jason Yung. 2024. json2d\/obscure. https:\/\/github.com\/json2d\/obscure original-date: 2016-05-30T22:04:01Z."}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678918","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678918","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678918"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":44,"alternative-id":["10.1145\/3678890.3678918","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678918","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}