The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Attackers may use software, often referred to as a “bot” or “headless browser”, which imitates a user by receiving instructions from a web server and autonomously generating requests based on those instructions. For example, a bot may receive a web page, gather data from one or more objects defined in the web page, and generate a request for another web page to gather additional data, as if a user using a browser were requesting a new web page. Also for example, a bot may generate and send a request with data assigned to one or more parameters that correspond to fields in a web page, to simulate a user submitting data to a web server through a browser.
Attackers may use bots to commit many types of unauthorized acts, crimes or computer fraud, such as web site or content scraping, ratings manipulation, fake account creation, reserving rival goods attacks, ballot stuffing attacks, password snooping, vulnerability assessments, brute force attacks, click fraud, denial-of-service (DoS) attacks, bidding wars, and system fingerprinting attacks. As a specific example, a malicious user may cause a bot to quickly reserve products that are being offered for sale through a particular web site.
It is relatively common, for example, for illicit organizations to place malware on client computers (e.g., smartphones, tablets, laptops, or desktops) owned by law-abiding people, such as to control those client computers to institute a or to intercept communications between the client and its user, or between the client and a server from which it is getting information and to which it is providing information. For example, such malware may, using a “man in the middle” attack, generate displays in a web browser that look like the legitimate displays from a bank or retail web site, but that act to induce a user to disclose private information (e.g., bank account or credit card information) that the malware then intercepts and forwards to people who will use the information for illicit gain (e.g., identity theft).
Web server administrators may wish to prevent malicious users from attacking the site, while allowing legitimate users to use the site as intended. However, determining which requests are generated by a legitimate user using a web browser, and which by a malicious user using a bot, may be difficult.