×

Method, device, and system of differentiating between a cyber-attacker and a legitimate user

  • US 10,834,590 B2
  • Filed: 02/01/2018
  • Issued: 11/10/2020
  • Est. Priority Date: 11/29/2010
  • Status: Active Grant
First Claim
Patent Images

1. A process comprising:

  • (a) monitoring input-unit interactions of a user, who utilizes during a usage session one or more input units of an electronic device to fill-out data in a fillable form of a computerized service;

    (b1) if said input-unit interactions indicate that said user utilized keyboard shortcuts for data entry and for in-page navigation, then increasing an attack-relatedness score of said usage session;

    (b2) detecting a particular typing rhythm of said user in said usage session; and

    if said particular typing rhythm matches one or more typing rhythms that are pre-defined as typing rhythms of attackers, then increasing said attack-relatedness score of said usage session;

    wherein steps (b1) and (b2) analyze a batch of input-unit interactions which includes interactions that were performed across multiple fillable forms that were filled by said user;

    wherein steps (b1) and (b2) analyze a batch of input-unit interactions which includes interactions across multiple web-pages that belong to a single usage session of said user;

    (c) if said attack-relatedness score is greater than a particular threshold value, then;

    determining that said input-unit interactions are part of an attack, and initiating one or more mitigation operations.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×