System and method for identification of automated browser agents

US 10,447,711 B2
Filed: 03/04/2016
Issued: 10/15/2019
Est. Priority Date: 10/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method for detecting automated browser agents, comprising:

initiating a primary detection comprising passive probing, said primary detection comprising the steps of;

inserting a means for detecting information into a page code before a page is sent to a user'"'"'s browser, sending said page to a user'"'"'s browser, wherein said means sends emissions from one or more plugins via one or more channels, said emissions capturing client execution environment data without requiring a browser interaction and causing immediate and continued data collection of said client execution environment data,transmitting via asynchronous posts said client execution environment data to an analysis server, wherein said analysis server compares said client execution environment data with a first database storing pattern characteristics for humans, a second database storing pattern characteristics for automated browser agents, and a third database storing pattern characteristics which are unclear as to whether performed by a human or a bot,forming a report on automated browser agent activity based on a qualitative evaluation of performance metrics collected,calculating a probability of the user being an automated browser agent, said probability being based on said report and said comparing with said three databases, andinitiating a secondary detection if said probability of the user being an automated browser agent guarantees a presence of automated agent activity, said secondary detection comprising active probing.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are methods and systems for evaluating web browser behavior to report on human versus non-human activity, based on varying analyses of detectable properties. By passively detecting the code of a webpage engaged by a browsing user, the present invention evaluates the browsing user'"'"'s activity in order to predict the type of user with a degree of confidence. The predictions are formed by acquiring information on how a user loads, navigates, and interacts with a webpage and comparing that information with known and unknown properties in various control groups. If the prediction yields a high likelihood of automated activity, additional active detection may be performed. Reports are compiled by analysis servers and made available to the operators of webpages. By compiling performance metrics and informing operators of fraudulent versus normal activity, the invention combats malicious automated traffic directed at any aspect of a given webpage.

8 Citations

View as Search Results

20 Claims

1. A method for detecting automated browser agents, comprising:
- initiating a primary detection comprising passive probing, said primary detection comprising the steps of;
  
  inserting a means for detecting information into a page code before a page is sent to a user'"'"'s browser, sending said page to a user'"'"'s browser, wherein said means sends emissions from one or more plugins via one or more channels, said emissions capturing client execution environment data without requiring a browser interaction and causing immediate and continued data collection of said client execution environment data,transmitting via asynchronous posts said client execution environment data to an analysis server, wherein said analysis server compares said client execution environment data with a first database storing pattern characteristics for humans, a second database storing pattern characteristics for automated browser agents, and a third database storing pattern characteristics which are unclear as to whether performed by a human or a bot,forming a report on automated browser agent activity based on a qualitative evaluation of performance metrics collected,calculating a probability of the user being an automated browser agent, said probability being based on said report and said comparing with said three databases, andinitiating a secondary detection if said probability of the user being an automated browser agent guarantees a presence of automated agent activity, said secondary detection comprising active probing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising calculating a second probability of the user being a human.
  - 3. The method of claim 1, wherein said secondary detection comprises detection of properties to classify automated agents by type.
  - 4. The method of claim 1, wherein said secondary detection comprises detection of non-native code modifying a function of a browser.
  - 5. The method of claim 1, wherein said secondary detection comprises detection of network-resident modifications to a function of a browser.
  - 6. The method of claim 1, wherein said secondary detection comprises detection of content injection.
  - 7. The method of claim 1, wherein said client execution environment data comprises emulated input.
  - 8. The method of claim 1, wherein said client execution environment data comprises JavaScript event loops.
  - 9. The method of claim 1, wherein said client execution environment data comprises a nature of character insertion.
  - 10. The method of claim 1, wherein said client execution environment data comprises optimization of JavaScript.
  - 11. The method of claim 1, wherein said client execution environment data comprises an ability to connect with a malware detection engine.
  - 12. The method of claim 1, wherein said client execution environment data comprises post-exploitation defenses.
  - 13. The method of claim 1, wherein said client execution environment data comprises data regarding a handling of cookies.
  - 14. The method of claim 1, wherein said client execution environment data comprises properties of TCP and UDP traffic.
  - 15. The method of claim 1, wherein said client execution environment data comprises an availability of server-side API technology.
  - 16. The method of claim 1, wherein said active probing comprises an active use of pop-ups.
  - 17. The method of claim 1, wherein said active probing comprises intrusive font detection.
  - 18. The method of claim 1, wherein said active probing comprises nonlinear sampling.
  - 19. The method of claim 1, wherein said active probing comprises forcing a bot to self-announce to arbitrary endpoints.
  - 20. The method of claim 1, wherein said secondary detection comprises detection of viewability modulation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HUMAN Security, Inc.
Original Assignee
White Ops, Inc.
Inventors
Kaminsky, Daniel
Primary Examiner(s)
Chen, Alan

Application Number

US15/061,604
Publication Number

US 20160191554A1
Time in Patent Office

1,320 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2133   Verifying human interaction...

H04L 2463/144   Detection or countermeasure...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

System and method for identification of automated browser agents

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identification of automated browser agents

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links