One common area of computer fraud involves attempts by organizations to infiltrate and compromise computers of ordinary people, and by that action, to elicit confidential information or manipulate otherwise legitimate transactions. For example, via an exploit commonly termed “Man in the Browser,” a user's computer can be compromised surreptitiously with malware (i.e., malicious computer programs) that intercepts legitimate communications by the user, such as transactions with the user's bank, and does so after the communications have been authenticated and decrypted, e.g., by a web browser on the computer. Such malware may alter the interface that the user sees, such as by generating an interface that looks to the user like his or her bank is requesting particular information (e.g., a PIN number) when in fact the bank would never request such information via a web page. Alternatively, the malware may generate an interface that indicates to a user that payment transaction was executed as the user requested, when in fact, the malware altered the transaction so as to divert the user's money to the benefit of criminal enterprise.
Various approaches have been taken to identify and prevent such malicious activity. For example, some approaches install defensive software on client computers. Alternative approaches run various kinds of analysis tools on the transactions and/or network traffic on a server system to detect improper activity.