The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Browsers are powerful computer program applications that may request and execute instructions received from a web server to generate complex user interfaces that are presented to a user through one or more devices, such as a monitor or speakers. In response to input from a user, such as a mouse click indicating that the user selected an object defined in the instructions, such as a link, a browser may send a request based on the selected object to the web server. The request may be a request for data and/or include data to be processed by the web server.
Attackers may use software, often referred to as a “bot” or “headless browser”, which imitates a browser by receiving instructions from a web server and generating requests based on those instructions. For example, a bot may receive a web page, gather data in one or more objects defined in the web page, and generate a request for another web page to gather additional data, as if a user using a browser was requesting a new web page. Also for example, a bot may submit false or bogus data to a web server.
Attackers may use bots to commit many types of unauthorized acts, crimes or computer fraud, such as content scraping, ratings manipulation, fake account creation, reserving rival goods attacks, ballot stuffing attacks, password snooping, web site scraping attacks, vulnerability assessments, brute force attacks, click fraud, DDoS attacks, bidding wars, and stack fingerprinting attacks. As a specific example, a malicious user may cause a bot to traverse through pages of a web site and collect private and/or proprietary data, such as who is connected with whom on a particular social networking web site.
Furthermore, attackers may inject malicious instructions into a web page and/or a browser. The malicious instructions may be configured to simulate a user interacting with the web page and/or browser. For example, malicious instructions injected into a web page, which when executed by a browser, may call one or more functions defined by the web page and/or the browser to gather data in the web page, collect and/or ask for user input, submit data to a web server, and/or request additional data from a server. The injected malicious instructions may further use functions defined in the web page and/or browser to send collected data to an attacker's online storage server or to pose as a legitimate browser. A legitimate browser may be a browser operated by a legitimate user.
Web server administrators may wish to prevent attacks from malicious users, while allowing legitimate users to use the site as intended. However, it is difficult to determine whether a legitimate user is using a web browser or whether the browser is infected, and/or operated, by a malicious user.