In the area of information technology security, effectively detecting and/or preventing fraudulent access to a secure resource may include determining whether the behavior of a user is consistent with the previous behavior of a legitimate user of the secure resource. When user behavior is inconsistent with the previous behavior of a legitimate user, such anomalous user behavior may be an indication that fraudulent access to the secure resource is being attempted or is currently occurring, e.g. that an imposter user or malicious software program is attempting to access or is currently accessing the secure resource.
Some previous fraud detection systems have attempted to monitor user behavior by intercepting and analyzing the contents of network traffic in communication channels established between a user device and a Web server. These previous systems have been effective for monitoring use of Web-based applications, since virtually every click performed by the user on the user device is reflected in the intercepted network traffic. For example, such previous systems have sometimes been able to determine and analyze the use of a Web site provided by a server computer, by intercepting and analyzing network traffic between the server providing the Web site and the user device.
Other previous systems have relied on monitoring behavioral biometrics (“behaviometrics”) to continuously authenticate a user of a device based on one or more measurable behaviors that identify the user. For example, some previous systems have attempted to monitor behaviometrics of a mobile phone user by tracking how the user holds the mobile phone, e.g. the height at which the mobile phone is being held, the orientation of mobile phone, etc., in order to determine if the user currently in possession of the mobile phone is the legitimate user of the mobile phone.