Static Analysis
Static analysis is the technique of analyzing the Request at the time an MBUSTER API request is made to determine whether the client is a macro.
When calling the MBUSTER API, the following information will be included:
Information | Description | Mandatory |
---|---|---|
HTTP Request Header | Header information used when making an API request | Required |
Visitor's IP | Represents the IP address of the visitor. | Required |
Visitor's Personal ID | A personal identification ID issued per device to identify it | Required |
Login ID | Used only when logged into the target site with a session ID | Required |
All clients of the web service, whether regular visitors, macro users, or bots, communicate over HTTP and always use the service in a Request-Response relationship. Macro detection is carried out by statically analyzing the Request information in this exchange.
The method and purpose of analyzing the Request information determine the specific policies.
Blocking through Header Analysis (Importance: Required)
- Primarily, requests whose header information contains a user-agent value defined as a malicious bot are detected.
- The following detection modules add their detection results to the header information, allowing detection even if the header information is maliciously altered:
  - Developer Tools Detection Module: If developer tools are used, it considers the user abnormal and includes developer tool detection identifiers in the header information.
  - Selenium Detection Module: Detects access using automation tools (macros) like Selenium and includes Selenium detection identifiers in the header information.
- Example of detection: access made using Selenium.
Blocking through IP Management (Importance: Required)
- MBUSTER holds about 30,000 source IPs classified as malicious bots and blocks access from these origins.
- Administrators can also manually add IPs they wish to block.
- Example of detection: access from a blocked IP.
Blocking through Access Statistics Analysis (Importance: Recommended)
- The average number of accesses per device is collected using the visitor's personal ID. Based on these statistics, a threshold percentage is set for excessive access, and visitors who exceed it are required to complete secondary authentication.
- The number of accesses is based on the figures for the last 5 minutes.
- Example of detection: when the average access count is 20 and the threshold is 100%, cases exceeding 40 accesses are detected.
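The access-statistics rule above, worked through as an added example (not MBUSTER's own code). The function names, the event format, and the choice to average over the devices seen in the 5-minute window are assumptions; the sample traffic is constructed so the average is 20.

```python
from collections import Counter

WINDOW_SECONDS = 5 * 60  # counts are based on the last 5 minutes


def window_counts(events, now):
    """Count accesses per personal ID within the last 5 minutes.

    events: iterable of (timestamp_seconds, personal_id) tuples (assumed format).
    """
    start = now - WINDOW_SECONDS
    return Counter(pid for ts, pid in events if start < ts <= now)


def access_limit(average, threshold_pct):
    """Limit = average plus threshold_pct percent of the average."""
    return average * (1 + threshold_pct / 100)


def excessive_devices(events, now, threshold_pct):
    """Return (average, limit, sorted IDs that need secondary authentication)."""
    counts = window_counts(events, now)
    if not counts:
        return 0.0, 0.0, []
    # Assumption: the average is the mean over devices seen in the window.
    average = sum(counts.values()) / len(counts)
    limit = access_limit(average, threshold_pct)
    # "Exceeding" is strict: a device exactly at the limit is not flagged.
    flagged = sorted(pid for pid, n in counts.items() if n > limit)
    return average, limit, flagged


def constructed_events(now):
    """Constructed sample traffic: five devices, average 20 in the window."""
    per_device = {"dev-A": 41, "dev-B": 40, "dev-C": 7, "dev-D": 6, "dev-E": 6}
    events = [(now - i, pid) for pid, n in per_device.items() for i in range(n)]
    # 100 stale accesses from dev-C outside the window must not count.
    events += [(now - WINDOW_SECONDS - 1 - i, "dev-C") for i in range(100)]
    return events


if __name__ == "__main__":
    now = 1_700_000_000
    avg, limit, flagged = excessive_devices(constructed_events(now), now, 100)
    print(f"average={avg} limit={limit} secondary_auth={flagged}")
```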