Many networks storing web resources, such as web applications, web pages, or other content, include one or more security management apparatuses that, among other functions, protect server devices storing the web resources from malicious attacks. One such set of attacks is denial of service (DoS) or distributed denial of service (DDoS) attacks, although many other types of malicious attacks exist, including web-scraping and automated fraudulent bank transactions. Such attacks often originate from web or Internet robots, or applications that automatically generate malicious network traffic, commonly referred to herein as bots.
Attacks originating from bots can be mitigated by security management apparatuses by sending browser-level challenges prior to proxying network traffic to protected server devices. The browser-level challenges can include JavaScript code that must be executed client-side in order to return a result to the security management apparatus. If the result is verified, the security management apparatus can decide to allow the network traffic. If the result is not sent or not verified, then the network traffic can be dropped or blocked, for example. Since many bots are not full web browsers with support for executing JavaScript, such challenges have been effective in reducing network attacks.
However, bots are increasingly sophisticated and run as emulated browsers or headless browsers that are lightweight and also capable of executing JavaScript and returning verifiable results. Accordingly, the challenge-result mechanism used by security management apparatuses to detect bots and filter malicious network traffic is ineffective at mitigating network attacks originating with such smart bots that are capable of executing JavaScript.
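The challenge-result exchange described above, sketched from the apparatus side as an added example (not code from the original document). The names `solve`, `issueChallenge`, `verifyResult` and `runScript`, the HMAC-signed token format and the 30-second lifetime are assumptions made for illustration; `runScript` stands in for any client that executes JavaScript.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SECRET = randomBytes(32); // apparatus signing key (constructed for this example)
const TTL_MS = 30000;           // assumed challenge lifetime

// The computation the client must run; it is shipped to the client as source text.
function solve(nonce) {
  let x = nonce >>> 0;
  for (let i = 0; i < 1000; i++) x = (Math.imul(x ^ (x >>> 15), 2246822519) + i) >>> 0;
  return x;
}

const mac = (nonce, issued, ip) =>
  createHmac('sha256', SECRET).update(`${nonce}.${issued}.${ip}`).digest();

// Issue a challenge before any traffic is proxied. The token binds nonce, issue
// time and client address, so the apparatus holds no per-client state.
function issueChallenge(ip, now = Date.now()) {
  const nonce = randomBytes(4).readUInt32BE(0);
  return {
    token: `${nonce}.${now}.${mac(nonce, now, ip).toString('hex')}`,
    script: `(${solve.toString()})(${nonce})`,
  };
}

// Decide what to do with the follow-up request carrying the token and the result.
function verifyResult(token, result, ip, now = Date.now()) {
  const [nonce, issued, tag] = String(token).split('.');
  if (!/^\d+$/.test(nonce) || !/^\d+$/.test(issued) || !/^[0-9a-f]{64}$/.test(tag)) return 'block';
  const expected = mac(Number(nonce), Number(issued), ip);
  if (!timingSafeEqual(expected, Buffer.from(tag, 'hex'))) return 'block'; // forged, or another client's token
  if (now - Number(issued) > TTL_MS) return 'block';                        // stale challenge
  if (result == null || Number(result) !== solve(Number(nonce))) return 'block'; // not sent or not verified
  return 'allow';
}

// Stand-in for a client that executes JavaScript (a full browser or a headless one).
const runScript = (script) => Function(`return ${script}`)();
```

A client that never runs the script has no result to send and is blocked, while any client that does run it is allowed, which is why the check alone cannot separate a headless browser from a real one.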