DSN 2025, 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 23-26 June 2025, Naples, Italy
Functional abuse is an escalating cyber threat where attackers exploit legitimate website features for fraudulent activities and resource depletion. Unlike traditional attacks, these
techniques circumvent security measures by misusing intended functionalities. This paper examines two advanced forms: SMS Pumping, which abuses SMS-based services to generate excessive messages for financial gain, and Denial of Inventory (DoI), which
depletes stock availability by holding items in carts without purchase. Utilizing real-world attack data, we show why traditional anti-bot defenses are ineffective against these automated attacks and provide best practices to enhance mitigation strategies. This
study is the first to present the evolution of these threats from a targeted business perspective, highlighting effective ad-hoc mitigation techniques and advocating for further research into adaptive countermeasures.
Type:
Conference
City:
Naples
Date:
2025-06-23
Department:
Digital Security
Eurecom Ref:
8217
Copyright:
© 2025 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
See also:
