Based on the severity of their impact, detection complexity and human-like behavior, the ShieldSquare Dashboard now classifies Bad Bots into 4 generations :
- 1st Generation Bad Bot
- 2nd Generation Bad Bot
- 3rd Generation Bad Bot
- 4th Generation Bad Bot
1st Generation Bad Bots
These are simple bad bots which attack using basic scripting tools from a limited number of IP addresses.
2nd Generation Bad Bots
These bots operate through website development and testing tools using ‘headless’ mode. They can maintain cookies and execute JavaScript.
3rd Generation Bad Bots
Bots that use hijacked, full-fledged browsers and can simulate basic human-like interactions, such as keystrokes and mouse movements
4th Generation Bad Bots
These are large-scale, distributed, highly sophisticated and have advanced human-like interaction characteristics
Following are the different types of bad bot categories classified by ShieldSquare.
| Bad Bot Generation | Bot Category | Characteristics | Description |
|---|---|---|---|
1st Generation Bots | Scripted bots | Programmatic browser behavior | Dumb bots with basic programmatic behavior |
Bot attacking from Public Cloud | Bot operating from a server hosted in a data center | Bots being operated from a Cloud based data center to generate an attack | |
Known bad bot signatures | Spoofed browser/User Agent | Bad bots spoofing the useragent of genuine users/legitimate bots or using bad useragents to access the site | |
Misbehaving legitimate bots | Commercial bot with malicious intent | Bad traffic generated by commercial bots which are not adding value to your business | |
| 2nd Generation Bots | Reputational Intelligence | Botnet attack trace, Traffic source with bad reputation, User source with bad reputation, Impression matching Collective bot intelligence & honeypots | Active bot signatures caught from ShieldSquare's global collective bot intelligence |
Programmatic Session behavior | Session tampering incident, programmatic session behavior, Signature tampering | Identification of suspicious session behavior on your site/app | |
| 3rd Generation Bots | Malicious browser behaviour | Referrer URL is tampered, Programmatic accessing URL identifier, Fingerprint test failed / Dynamic Turing test failed, Infected device source | Advanced behavior anomaly with multiple validation test failures |
| Advanced Javascript validation failure | Client side source validation failure, Javascript execution failed, Automated browser accessing the URLs, Spoofed browser impression | Javascript / browser anomaly observation, Identification of automated browser patterns | |
Misbehaving Users | User source with bad reputation | Identification of suspicious user interaction behavior on your site/app | |
| 4th Generation Bots | Emulator tools | Emulator / Impersonator behavior detected | Bots from automated tools attacking Mobile Apps |
Low & Slow attack | Programmatic slow bots with signature tampering | Slow trickling bots distributed across longer time frames | |
Malicious Intent detected | Suspicious user journey traversal & workflow failure, Intent Validation failed, Time series analysis check failed, Sophisticated bot behavior, Behavioral anomaly reported by Machine Learning engine | Sophisticated bots detected by intent based behavior analysis, time series based analysis, browser anomaly detection, clustering based analysis or by any advanced model of Machine learning based bot engine |