Technical Field
This application relates generally to protecting websites and mobile applications (apps) from automated attacks by scripts or bots.
Brief Description of the Related Art
Distributed computer systems are well-known in the prior art. One such distributed computer system is a “content delivery network” (CDN) or “overlay network” that is operated and managed by a service provider. The service provider typically provides the content delivery service on behalf of third parties (customers) who use the service provider's shared infrastructure. A distributed system of this type typically refers to a collection of autonomous computers linked by a network or networks, together with the software, systems, protocols and techniques designed to facilitate various services, such as content delivery, web application acceleration, or other support of outsourced origin site infrastructure. A CDN service provider typically provides service delivery through digital properties (such as a website), which are provisioned in a customer portal and then deployed to the network. A digital property typically is bound to one or more edge configurations that allow the service provider to account for traffic and bill its customer.
It is known to provide a JavaScript-based technology to fingerprint clients and collect telemetry to evaluate end user behavior and to differentiate bots from humans. A commercial service of this type was developed by Cyberfend, now owned by Akamai Technologies, Inc. of Cambridge, Mass. Among other uses, this technology is useful to protect transactional workflows including, without limitation, login, checkout, search, gift card validation, coupons/rebates processing, etc., and that are regularly the target of fraud activity using botnets.
Known bot detection schemes include client device fingerprinting. When a fingerprint is found to be generated by a large number of malicious devices (running an attack script), a service provider can assume that those devices are bots and can then take appropriate mitigation actions. While such bot detection and mitigation techniques work well for their intended purpose, a provider of a bot may be able to adapt once it determines that device fingerprinting is being used against the attack. To this end, the provider might then modify the attack script. Thus, for example, every time the script is launched, it randomly changes some of the device fingerprint parameters, for instance, randomizing user agent, device sizes, fonts, canvas fingerprint, etc. A bot detection system running on or in association with the website must itself then adapt if it is going to be successful in identifying the botnet (as in such circumstance the requests appear to be coming from multiple/distinct client computers).
The technique herein addresses this need.