As the number of users performing actions such as viewing information and purchasing items electronically increases, there is also an increasing amount of forgery, misuse of identity information, and other such illicit activities in such an electronic environment. For example, many automated applications, processes, or scripts (referred to generically as robots or “bots”) perform tasks such as submitting requests or initiating submissions across a network at a much higher rate than would generally be performed by a user of a system, application, or site attached to, or otherwise accessible through, the network. While certain bots can be used beneficially to execute certain functionality, other bots can be used maliciously to flood a server, host, application, network, device, or location with requests or other submissions that can cause the device or application to slow or even fail for a certain period of time.
Such attacks are particularly prevalent across the Internet. Many popular Web sites are subjected to bot attacks on a daily basis. These range from simple requests for Web pages at a rate that is higher than a Web server can handle, to more specific attacks that go deeper into a system, site, or application, for example, such as by using an overwhelming number of requests to perform a specific task, such as to add an item to a virtual shopping cart for an electronic marketplace. Many sites monitor traffic, and begin throttling or otherwise limiting the number of requests or other traffic when the amount of bandwidth reaches a certain level. Oftentimes, a system will log requests such that a manual decision can be made to block users or IP addresses where the traffic is determined to be excessive. These approaches generally work well for attacks that are not directed to specific functionality in the system, but are directed to a top layer of the system or software. Such approaches are not particularly well suited, however, to targeted or patterned attacks directed to potentially vulnerable portions of the systems, where a smaller number of requests in a shorter period of time can damage the system without necessarily reaching the levels used for throttling, setting off alarms, etc. Further, conventional approaches can be slow to react, which in the case of a bot attack can result in the attack being at least partially successful for a period of time.