CN-115053220-B - Detecting gamification challenges for non-human users

Abstract

When a user suspected of communicating with a website is a robot, the user is presented with a gamification challenge. The gamification challenge includes a dynamic sequence of sequentially displayed animated collection objects with which the user should interact within the allotted amount of time. The complexity of the gambling challenge is increased when the challenge fails and when the features extracted from the user session indicate a high level of suspicion that the gambling challenge is suspected to be performed by a non-human user.

Inventors

• LARSON THOMAS C.
• D.E. Castro
• A.R. Pickering
• J.WANG

Assignees

• 微软技术许可有限责任公司

Dates

Publication Date

20260512

Application Date

20201023

Priority Date

20191031

Claims (16)

1. 1. A system, comprising: One or more processors, and memory; At least one program, wherein the at least one program is stored in the memory and configured to be executed by the one or more processors, the at least one program comprising instructions for: Receiving a request to establish a user session for a new user account; tracking features from the request in real-time, wherein the tracked features include one or more of an IP address, a location associated with the IP address, a time of day, a browser used to initiate the request, a browser extension used by the browser, or periodicity of the request over a span of time; generating a risk level based on the features tracked in real time; initiating a gamification challenge prior to processing the request based on a high risk level, the gamification challenge comprising a sequence of dynamically generated geometric objects displayed in a first order, each geometric object in the sequence having a geometric shape with an orientation, color, and animation effect, the gamification challenge having instructions for picking up selected ones of the geometric objects in a second order in which the selected ones of the geometric objects are animated, wherein the second order is different from the first order; detecting interactions with one or more of the geometric objects over a time span; indicating a failed attempt when the detected interaction is different from the second order; After detecting a plurality of failed attempts at the gambling challenge, rejecting the request as the request originated from a non-human user, and After detecting a low risk level, the request is processed without generating the gamification challenge.
2. 2. The system of claim 1, wherein the geometric objects selected from the geometric objects comprise common colors and/or common shapes.
3. 3. The system of claim 1, wherein the at least one program includes further instructions for performing the acts of: after a failed attempt at the gamification challenge, the complexity of the gamification challenge is increased by increasing the number of geometric objects in the sequence.
4. 4. The system of claim 1, wherein the at least one program includes further instructions for performing the acts of: Upon a failed attempt at the gamification challenge, the complexity of the gamification challenge is increased by associating one or more geometric objects in the sequence with different orientations.
5. 5. The system of claim 1, wherein the at least one program includes further instructions for performing the acts of: After a failed attempt at the gamification challenge, the complexity of the gamification challenge is increased by adding different types of geometric objects to the sequence.
6. 6. A method, comprising: Tracking, in real-time, features extracted from a user's request at a computing device providing a resource; Analyzing the features tracked in real-time to determine a risk level of the request associated with a non-human user, wherein the features tracked include one or more of an IP address, a location associated with the IP address, a time of day, a browser used to initiate the request, a browser extension used by the browser, or a periodicity of the request over a span of time; Generating a gamification challenge based on the analysis indicating a high risk level of the request from a non-human user, the gamification challenge comprising a sequence of geometrically shaped objects displayed in a first order, the geometrically shaped objects in the sequence having directional, color and animation effects, the gamification challenge having instructions for a user to repeat a second order in which the geometrically shaped objects in the sequence are animated over a span of time, wherein the first order is different from the second order, and Based on the analysis indicating a low risk level of the request from a non-human user, the user's request is processed without generating the gamification challenge.
7. 7. The method of claim 6, further comprising: Upon detecting a failed attempt at the gamification challenge, the complexity of the gamification challenge is increased.
8. 8. The method of claim 7, wherein increasing the complexity of the gamification challenge further comprises: Increasing the number of geometrically shaped objects in the sequence, adding objects of different types to the sequence, associating objects of one or more geometries in the sequence with different animation effects, or associating objects of one or more geometries in the sequence with different orientations.
9. 9. The method of claim 6, further comprising: the request is denied when the number of failed attempts at the gambling challenge exceeds a threshold.
10. 10. The method of claim 6, wherein the tracked features comprise a usage metric of the computing device.
11. 11. The method of claim 6, further comprising: When the challenge is not completed within the time span, the request is denied.
12. 12. An apparatus, comprising: A memory coupled to the processor; wherein the processor is configured to perform the following actions: Receiving a request to establish a user session with the device; Tracking in real-time features extracted from the established user session, wherein the tracked features include one or more of an IP address, a location associated with the IP address, a time of day, a browser used to initiate the request, a browser extension used by the browser, or a periodicity of the request over a span of time; determining a risk level of relevance to the user of the request using the extracted features based on the features tracked in real-time; Generating a first gamification challenge to determine whether a non-human user communicates in the established user session based on a level of high risk, the first gamification challenge comprising a first sequence of geometrically shaped objects, each geometrically shaped object in the first sequence having an orientation, a color, and an animation effect, the first gamification challenge having a first instruction set for a user to interact with a first subset of the geometrically shaped objects in a sequence in which the first subset of geometrically shaped objects is animated; Upon failure of the first gambling challenge, generating a second gambling challenge having a sequence different from the first sequence, the different sequence having additional geometrically shaped objects and a second instruction set for a user to interact with a second subset of the geometrically shaped objects in a sequence in which the second subset of geometrically shaped objects is animated; terminating the request after the subsequent failure of the second gambling challenge, and After detecting a low risk level, the request is processed without generating the gamification challenge.
13. 13. The apparatus of claim 12, wherein the second gamification challenge uses a different animation effect for each of the geometric objects in the second subset of geometric objects, wherein the first subset is different from the second subset.
14. 14. The apparatus of claim 12, wherein the second gamification challenge displays each of the geometric objects using a different orientation than the first gamification challenge.
15. 15. The device of claim 12, wherein the processor is further configured to perform the following actions: the risk level is high when the extracted features indicate a past history of malicious activity.
16. 16. The device of claim 12, wherein the processor is further configured to perform the following actions: The risk level is high when the extracted feature indicates a pattern of repeated failed attempts from a public IP address.

Description

Detecting gamification challenges for non-human users Background Automated software programs, known as robots (bots), web robots, or robotic programs, typically run automated scripts to perform simple tasks at a faster rate than humans. There are various types of robots. The most popular robots are web spiders or crawlers, which are used by search engines to search the content of web sites in order to generate an index of web site content for the search engine. Chat robots have conversations with humans or other robots. The shopping robot searches the internet for an optimal price for the commodity. Robots have been used for malicious purposes. Robots have been used to register free email accounts every minute to send thousands of spam emails. Robots have been used to participate in online chat rooms in order to direct participants in the chat room to advertisements. Robots have been used to participate in online polls in order to influence the outcome of the polls in a desired manner. Robots are also used to impersonate humans in order to aim and persuade humans to give up or provide sensitive information. To combat robots, the robots are detected using a program of auxiliary tests that can only be passed by a human user. However, some of these tests are cumbersome and time consuming for humans. Other tests may depend on the user's language, physical location and education and are not universally applicable for widespread use. Disclosure of Invention This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. The user interface uses the gamification challenge to determine whether the input detected through the user interface is from a human user or a non-human user. In one aspect, the gamification challenge is a dynamic geometry series-based challenge that displays a random, variable length sequence of different types of geometric objects. Objects in the sequence are animated, colored, and/or oriented at a particular angle. The user must play the gamification challenge by repeating the sequence in which the objects animate in the user interface, or participate in a geometry-based series of challenges that are dynamically indicated by the challenges. For example, the instructions may specify that the user only clicks on a dithered red object or blue square. The challenge is dynamically built to ensure that the robot does not detect patterns in the challenge. The gamification challenge is used when the user interface suspects that the input may come from a non-human user. This suspicion is based on a risk level that considers several features extracted from user sessions and from website usage metrics. A risk engine associated with the website monitors behavior and usage metrics of user session communications to generate a risk level based on the behavior. Gambling challenges become increasingly difficult when the challenge fails or when the tracked features indicate that the challenge is being actively tampered with. The number of objects in the sequence may be increased, different types of animations may be used, additional geometric objects may be used and/or the orientation of the objects may be changed. The user is given a predetermined amount of time to pass the challenge and/or a preconfigured amount of attempts. In the assigned time frame, when the user fails to go through the challenge due to a certain number of attempts or failures, the user will be denied any further interaction with the website and is suspected to be a non-human user. These and other features and advantages will be apparent from a reading of the following detailed description and a review of the associated drawings. It is to be understood that both the foregoing general description and the following detailed description are explanatory only and are not restrictive of the aspects as claimed. Drawings FIG. 1 illustrates an exemplary system for detecting non-human users with a gamification challenge. FIG. 2 is an exemplary user interface display illustrating creation of a new user account. Fig. 3A-3G are exemplary user interface displays showing various stages of a gamification challenge. FIG. 4 is a flow chart illustrating an exemplary method for detecting a non-human user with a gamification challenge. FIG. 5 is a flow chart illustrating an exemplary method for tracking user behavior and tracking website usage metrics to determine a risk level. FIG. 6 is a block diagram illustrating an exemplary operating environment. Detailed Description SUMMARY The disclosed aspects relate to various mechanisms for detecting non-human users interacting with websites. The user interface of the website uses the gamification challenge to determine whether the input detected through