Elisa Chiapponi

PhD student in Network and Application Security @ EURECOM

I am a PhD student in Network and Application Security enrolled at the Sorbonne Université. I work on my research project at EURECOM and Amadeus, under the supervision of Prof. Marc Dacier (KAUST) and Dr. Olivier Thonnard (Amadeus). I am a member of the SeRBER group at KAUST.

My current research interests center around the analysis and detection of scraping bots and Residential IP proxies (RESIP).
Scrapers increasingly exploit RESIPs to gain access to a vast network of residential IP addresses that can be used as exit points for their requests. This helps scrapers bypass the usual anti-bot detection techniques.
After an in-depth study of the RESIP ecosystem, we are focusing on detecting when scrapers take advantage of these services. Through IP address analysis and network measurements, we have reached a better understanding of the architecture and usage of these parties. In our latest work, we presented a new detection technique specific to Residential IP proxy connections.

I am always more than happy to discuss our work. If you have any feedback, please do not hesitate to ping me at elisa.chiapponi@eurecom.fr :)

Experience

Visiting student

During this visiting experience, I had the opportunity to interact with the members of RC3 (Resilient Computing and Cybersecurity Center) and to work in close collaboration with them on Residential IP Proxy providers (2022) and on a geolocalization algorithm based on network measurements (2023).

February 2022 - March 2022
March 2023 - April 2023

OMAC Covid-19 Hackathon Top 30 team member

The OMAC (One Million Arab Coders) Covid-19 Hackathon was launched to find solutions to problems that emerged in the first stages of the pandemic. Our team, composed of 6 people from different domains, decided to submit the project of an application that would help people wanting to volunteer find the volunteering association that best suits them. Our idea was selected, along with 29 others, from the 1200 proposals. We had 5 days to build a prototype of the application and a business plan for it. We were helped and guided by the hackathon's mentors.

April 2020 - May 2020

Application SOC intern

My internship was about the design and development of a honeypot able to mitigate attacks by scraping bots against the company's booking domains. This work was the topic of my Master of Science thesis.

July 2019 - January 2020

Bachelor thesis student

I participated in the design and development of the first version of a web app to monitor the ketogenic diet. The application is currently used by the Health and Nutrition center of the university.

February 2017 - July 2017

Front-desk librarian

I took part in a part-time collaboration with the university to work in the library.

January 2017 - June 2017

Summer intern

I took part in the summer internship program for high school students organized by the Chemistry and Physics division of the university. I was assigned to the Physical Chemistry department, where I studied isomorphic crystals.

January 2017 - June 2017

Education

Sorbonne Université

Doctor of Philosophy
Digital Security
2020 - Ongoing

KU Leuven

Summer School on Security and Privacy in the (golden) Age of AI
Study of state-of-the-art in Security and Privacy and AI/ML
September 2022

EURECOM

Double degree between Politecnico di Torino and Telecom Paris
Communication System Security track

Extra: Vice President and secretary of the student association (Bureau des élèves), Choir

2018 - 2020

Télécom Paris

Diplôme d'ingénieur
2018 - 2020

Politecnico di Torino

Master's degree
Computer Engineering - Software track

Grade: 110/110 with Honors

2017 - 2020

Universidad Carlos III de Madrid

Erasmus semester
Biomedical engineering
2016 - 2017

Università di Pavia

Bachelor's degree
Bioengineering

Grade: 110/110 with Honors

2014 - 2017

Publications

  • Chiapponi Elisa, Dacier Marc, Thonnard Olivier (2023). "Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns" in WTMC 2023, 8th International Workshop on Traffic Measurements for Cybersecurity, co-located with 8th IEEE European Symposium on Security and Privacy.

    Residential IP Proxy (RESIP) providers represent a growing threat when used for web scraping and other malicious activities. RESIPs enable their customers to hide behind a vast network of residential IP addresses to perpetrate their actions. This helps the customers to evade detection. Thanks to two new large datasets of RESIP connections, we reveal new insights into RESIP inner functioning and modus operandi. We present the similarities and differences of the ecosystems associated with four RESIP providers (geographic distribution, types, management and amount of machines used). Moreover, we display how two of the providers have striking similarities and we propose a specific detection method to identify them. Furthermore, we show how to build a list of suspicious /24 blocks of IP addresses and use it to mitigate the actions of malicious parties behind RESIPs.


  • Chiapponi Elisa, Dacier Marc, Thonnard Olivier (2023). "Towards Detecting and Geolocalizing Web Scrapers with Round Trip Time Measurements" in TMA 2023, 7th IFIP Network Traffic Measurement and Analysis Conference.

    Many websites in different domains suffer from the large number of requests originating from web scraping. Hence, these websites deploy detection mechanisms to try to block scrapers' requests. Lately, scrapers increasingly evade these mechanisms by hiding behind so-called Residential IP Proxies (RESIP). We have created a server-side detection method, based on network measurements, that enables us to detect whether a request passes through one of these providers. We ran a 4-month-long experiment to assess the validity of our technique and collected a dataset of 90M+ connections. In this work, we present new analyses performed on this dataset. They show that our detection technique can work in any real-world environment and that it has a good level of accuracy even in the unlikely event where client, server and RESIP machines are all in close proximity. Moreover, we introduce the next steps in our research. We implemented our detection technique in front of domains suffering from web scraping. The study of these connections is ongoing. Furthermore, we are implementing an algorithm to geolocalize the scrapers behind the RESIP, thanks to network measurements on their connections.


  • Chiapponi Elisa, Dacier Marc, Thonnard Olivier, Fangar Mohamed, Rigal Vincent (2022). "BADPASS: Bots taking ADvantage of Proxy AS a Service" in The 17th International Conference on Information Security Practice and Experience (ISPEC 2022).

    Web scraping bots are now using so-called Residential IP Proxy (RESIP) services to defeat state-of-the-art commercial bot countermeasures. RESIP providers promise their customers access to tens of millions of residential IP addresses, which belong to legitimate users. They dramatically complicate the task of existing anti-bot solutions and give the upper hand to the malicious actors. New specific detection methods are needed to identify and stop scrapers from taking advantage of these parties. This work, thanks to a 4-month-long experiment, validates the feasibility, soundness, and practicality of a detection method based on network measurements. This technique enables contacted servers to identify whether an incoming request comes directly from a client device or whether it has been proxied through another device.


  • Champion Mathieu, Dacier Marc, Chiapponi Elisa (2022). "ImMuNE : Improved Multilateration in Noisy Environments" in IEEE Global Internet (GI) Symposium 2022.

    Identifying an attacker is a key factor in mitigating ongoing attacks. To evade localization, a single compromised machine can hide for months behind millions of available residential IP proxies. Without knowing the IP address of the machine, registration-based geolocation methods cannot be applied. Measurement-based methods have been proposed to estimate the location of a target without using its IP address. These methods use Round Trip Time (RTT) values and network speed modeling. They estimate a distance between the target and other observation points with known locations, called landmarks. However, most of these methods require additional information, whether on the topology of the network or on the characteristics of the landmarks. In this paper, we present ImMuNE, a measurement-based technique which can estimate a location with only a few Round Trip Time measurements between a target and landmarks, even when some of these measurements are inflated by temporary network congestion. Leveraging a previously made measurement campaign, we present promising results based on 11 million TCP connections collected over a period of 4 months.


  • Chiapponi Elisa, Dacier Marc, Thonnard Olivier, Fangar Mohamed, Mattsson Mattias, Rigal Vincent (2022). "An industrial perspective on web scraping characteristics and open issues" in 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022) - Industry Track.

    An ongoing battle has been running for more than a decade between e-commerce website owners and web scrapers. Whenever one party finds a new technique to prevail, the other comes up with a solution to defeat it. Based on our industrial experience, we know this problem is far from being solved. New solutions are needed to address automated threats. In this work, we describe the actors taking part in the battle, the weapons at their disposal, and their allies on either side. We present a real-world setup to explain how e-commerce website operators try to defend themselves and the open problems they seek solutions for.


  • Chiapponi Elisa, Dacier Marc, Catakoglu Onur, Thonnard Olivier, Todisco Massimiliano (2021). "Scraping Airlines Bots: Insights Obtained Studying Honeypot Data" in International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI).

    Airline websites are the victims of unauthorised online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airlines' websites. In this work, we propose a deceptive approach to counter scraping bots. We present a platform capable of mimicking airlines' sites and changing prices at will. We provide results on the case studies we performed with it. We lured bots for almost 2 months and fed them indistinguishable inaccurate information. Studying the collected requests, we found behavioural patterns that could be used as complementary bot detection. Moreover, based on the gathered empirical evidence, we propose a method to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Our mathematical models indicate that the number of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today.


  • Chiapponi Elisa, Dacier Marc, Catakoglu Onur, Thonnard Olivier, Todisco Massimiliano (2020). "Botnet Sizes: When Maths Meet Myths" in International Conference on Service-Oriented Computing (ICSOC 2020) Workshops.

    This paper proposes a method and empirical evidence to investigate the claim commonly made that proxy services used by web scraping bots have millions of residential IPs at their disposal. Using a real-world setup, we had access to the logs of close to 20 heavily targeted websites and carried out an experiment over a two-month period. Based on the gathered empirical evidence, we propose mathematical models indicating that the number of IPs is likely 2 to 3 orders of magnitude smaller than the one claimed. This finding suggests that an IP reputation-based blocking strategy could be effective, contrary to what operators of these websites think today.


  • Chiapponi Elisa, Catakoglu Onur, Thonnard Olivier, Dacier Marc (2020). "HoPLA: a Honeypot Platform to Lure Attackers" in Computer & Electronics Security Applications Rendez-vous (C&ESAR 2020).

    Airline websites are the victims of unauthorized online travel agencies and aggregators that use armies of bots to scrape prices and flight information. These so-called Advanced Persistent Bots (APBs) are highly sophisticated. They are provided by specialized companies that offer them as "bots as a service", and they leverage professional proxying companies (mis)using millions of residential IP addresses. On top of the valuable information taken away, these huge quantities of requests consume a very substantial amount of resources on the airline websites. In this work, we present a platform capable of mimicking these sites at a much lower cost, and we provide early results on an experiment in which we lured several bots for almost 2 months and fed them indistinguishable inaccurate information.


Talks

Service

Program Committee Member

  • IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) - Doctoral Forum [2023]

Journal Reviewer

Grants and Awards

  • Network Traffic Measurement and Analysis Conference (TMA) 2023 Best Poster Award
  • ACM Internet Measurement Conference Travel Grant 2022
  • Complimentary Academic Pass to Black Hat USA 2022 on behalf of Black Hat and the Executive Women’s Forum (2022)
  • ERASMUS+ and Politecnico di Torino scholarship for 18 months at EURECOM - Telecom Paris (2018)
  • ERASMUS scholarship for 5 months at Universidad Carlos III (2016)

Other interests

When I am not actively working on my research project, I am passionate about cooking, volunteering (Global Shapers Nice, Helping Hands), hiking, and indoor and outdoor climbing.
I also love travelling, listening to true-crime podcasts and dancing Balfolk.

Contacts

elisa.chiapponi@eurecom.fr
+33 (0)4 93 00 82 75
450 Route des Chappes, Biot, 06410