Web content may contain application-like functionality that is interpreted and executed within a visitor's browser, or in a similar application. Such functionality may include form fields and other user interface (UI) elements designed to collect input from a user. Although they are intended only for use by legitimate human users, UI elements are susceptible to automatic interference and snooping by computer malware. For example, malicious applications such as “bots” may scan underlying applications for vulnerabilities (and report their findings to a central unlawful organization), may attempt automatically to determine passwords or other credentials for users on whose computers the bots are executing, and/or may intervene between users and legitimate web sites to intercept user information, by interrogating user interface elements, or by collecting user input as it is transmitted within the browser or other application, or at another layer, before the data is encrypted for transmission back to a server system.
Various approaches have been taken to identify and prevent such malicious activity. For example, some approaches install defensive software on client computers. Alternative approaches run various kinds of analysis tools on the transactions and/or network traffic on a server system to detect improper activity.