Detecting abusive behavior in hosted services, such as actions initiated by bots, automated downloader programs, website scrapers, viruses, denial-of-service attackers is a significant problem. This document describes a new technology that is directed to detecting and stopping attacks and other abusive behavior by automated initiators against hosted services.
Many organizations provide services to a variety of users through a computer network such as the Internet or an intranet. Examples of such network-based services include electronic mail and other messaging services, cloud-hosted data file storage and management, document sharing and collaboration services, online calendars, mobile device applications, social networking applications, and online audio and/or video streaming services.
As the demand for hosted services increases, it becomes an increasingly challenging task for an organization to detect and prevent attempts to misuse hosted services. For example, an email service provider will typically not want users to use their hosted email service to send spam email or phishing messages. Social media websites may want to prevent third parties from automatically mining the sites for data, or from hijacking the sites with malicious posts. Video sharing sites may want to prevent third party bots from automatically viewing videos to falsely increase video view counts. Online gaming services may desire to prevent bots from seeking and obtaining resources that typically require an individual player's time using the service to obtain. Ticket selling system operators may seek to prevent bots from automatically purchasing a significant number of available tickets for an event before actual attendees can complete their purchase requests.
As third parties automate the process of spamming, hijacking, scraping or otherwise abusing online services, it becomes even more challenging to detect and stop that activity. The detection of abuse in hosted services is therefore a significant technical challenge for many organizations.
This document describes methods and systems that are directed to detecting abusive actions by automated initiators of hosted services so that the hosted services can prevent those actions from causing harm to the service and its genuine users.