US 11,818,149 B2
Content delivery network (CDN) edge server-based bot detection with session cookie support handling
David Senecal, Santa Clara, CA (US); Prajakta Bhurke, Santa Barbara, CA (US); and Tu Vuong, San Francisco, CA (US)
Assigned to Akamai Technologies, Inc., Cambridge, MA (US)
Filed by Akamai Technologies, Inc., Cambridge, MA (US)
Filed on Jun. 28, 2022, as Appl. No. 17/851,574.
Application 17/851,574 is a continuation of application No. 16/273,223, filed on Feb. 12, 2019, granted, now 11,374,945, issued on Jun. 28, 2022.
Claims priority of provisional application 62/629,868, filed on Feb. 13, 2018.
Prior Publication US 2022/0329610 A1, Oct. 13, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1466 (2013.01)]
10 Claims
1. Apparatus, comprising:
a hardware processor; and
computer memory holding computer program instructions executed by the hardware processor, the computer program instructions comprising program code configured to:
upon initiation of a session between a client and a site protected by a detection service, renew and provide the requesting client a first cookie, and initialize and provide the client a second cookie, the first cookie configured to identify a user associated with the client and to selectively throttle data collection at the client, and the second cookie configured to identify the session, the first and second cookies being different from one another;
as a page that includes a reference to an endpoint is returned to the client, inject into the page a reference to a data collection script, the script configured to record one or more interactions at the client, to collect sensor data about the interactions, and to send the collected sensor data;
receive and forward collected sensor data to the detection service;
responsive to intercepting a request for the endpoint, determine whether the first and second cookies are present in the request;
when the first and second cookies are present and valid, issue a query to the detection service to obtain a threat score associated with the client, the threat score based at least in part on the collected sensor data; and
determine based at least in part on the threat score received from the bot detection service whether the request for the endpoint should be forwarded onward for handling.
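
The endpoint-request steps of claim 1 (cookie check, threat score query, forwarding decision) can be sketched as follows. This is an added example, not code from the patent or from Akamai. Assumptions: the cookie names, HMAC-signed cookie values as the validity check, the 0.8 threshold, the in-memory stand-in for the detection service, and the "challenge" outcome for cases the claim does not address.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: edge-held key used to sign cookies
THRESHOLD = 0.8                # assumption: scores at or above this are not forwarded

def sign(value):
    """Issue a cookie as '<value>.<hex HMAC-SHA256>' (hypothetical format)."""
    mac = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"

def verify(cookie):
    """Return the cookie's value if present and its MAC is valid, else None."""
    if not cookie or "." not in cookie:
        return None
    value, mac = cookie.rsplit(".", 1)
    expected = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; also safe for non-ASCII input.
    return value if hmac.compare_digest(mac.encode(), expected.encode()) else None

# Constructed sample data standing in for the detection service, which in the
# claim derives the score from sensor data forwarded earlier in the session.
SCORES = {("u-1", "s-1"): 0.05, ("u-2", "s-2"): 0.97}

def detection_service(user_id, session_id):
    """Return the threat score for this user/session, or None if unknown."""
    return SCORES.get((user_id, session_id))

def handle_endpoint_request(cookies, score_lookup=detection_service):
    """Edge decision for an intercepted request to the protected endpoint."""
    user = verify(cookies.get("user_ck"))     # first cookie: identifies the user
    session = verify(cookies.get("sess_ck"))  # second cookie: identifies the session
    if user is None or session is None:
        # The claim only covers the present-and-valid case; treating the
        # rest as a challenge is this example's assumption.
        return "challenge"
    score = score_lookup(user, session)
    if score is None:
        return "challenge"  # no sensor data was ever received for this session
    return "deny" if score >= THRESHOLD else "forward"

if __name__ == "__main__":
    ok = {"user_ck": sign("u-1"), "sess_ck": sign("s-1")}
    print(handle_endpoint_request(ok))
```
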