Bot
Understanding bot detection in Verisoul
Bots are automated scripts or programs that interact with your application, often for malicious purposes. Verisoul’s bot detection system identifies and prevents automated attacks while allowing legitimate users to access your services.
Bot Detection Across Platforms
Verisoul’s bot detection works across both web applications and native mobile apps through our SDKs. Our approach adapts to the specific characteristics and capabilities of each platform while maintaining consistent protection against automated threats.
Bot Detection Signals
Verisoul uses multiple signals to identify bot activity:
Environment Analysis
- Automation framework detection: Identifying tools like WebDriver, Appium, or other automation frameworks
- Emulation detection: Detecting when applications run in simulated or headless environments
- Runtime inconsistencies: Identifying mismatches in reported capabilities and actual behavior
- Execution anomalies: Unusual patterns in how code executes or resources are accessed
- Rendering analysis: Identifying non-human patterns in UI rendering and display
- Native API interactions: Detecting unnatural patterns in how native APIs are called (in mobile apps)
- System integrity: Checking for signs of tampering with the runtime environment
Behavioral Analysis
- Mouse movements: Lack of natural cursor movements or unnatural patterns
- Our models analyze hundreds of mouse events per second to detect subtle differences between human and automated movements
- Similar to how CGI animation can look “not quite right” to human observers, our models can detect the subtle differences in how bots move cursors
- Touch gestures: Analyzing touch patterns on mobile devices for natural variability
- Accelerometer data: Detecting unnatural device movement patterns in mobile apps
- Keyboard patterns: Unnatural typing rhythms, speeds, or consistency
- Humans have variable typing speeds, occasional errors, and natural pauses
- Bots often type with mechanical precision or unnatural timing
- Clipboard usage: Identifying abnormal clipboard interactions
- Navigation timing: Unusually fast or consistent page transitions
- Interaction patterns: Missing hover events or natural pauses
Network Patterns
- Request timing: Unnaturally consistent intervals between requests
- Parallel connections: Abnormal connection patterns
- Header consistency: Unusual or inconsistent HTTP headers
- IP reputation: Known bot hosting providers or proxy services
- Traffic patterns: Unusual traffic spikes or patterns
Relationship with Other Risk Signals
It’s important to understand that bot detection is distinct from, but related to, other risk signals:
Bot vs. Device Risk
A high bot score does not necessarily mean a high device risk score, and vice versa:
- A legitimate user on a suspicious device (e.g., jailbroken phone, unusual browser configuration) may have a high device risk but low bot score
- A sophisticated bot running on a standard personal computer may have a low device risk but high bot score
Our bot detection models incorporate device signals but focus specifically on identifying automated behavior rather than just unusual device characteristics.
Bot vs. Network Risk
Similarly, network risk signals (VPN, proxy, datacenter) do not automatically indicate bot activity:
- Many legitimate users employ VPNs for privacy or accessing content
- A bot may operate from a clean residential IP with no network risk signals
Our bot detection considers network context but primarily focuses on behavioral and environmental signals that indicate automation.
Bot Risk Score
The Bot Risk Score (0-100) indicates the likelihood that a session is automated rather than human. Higher scores indicate higher likelihood of bot activity.
In this example, the high bot score is influenced by the detected headless browser, WebDriver presence, and lack of natural user interactions.