Title of invention: DISRUPTING AUTOMATED ATTACKS ON CLIENT-SERVER INTERACTIONS USING POLYMORPHIC APPLICATION PROGRAMMING INTERFACES
Abstract: An app interacts with a human user of a user device that is executing the app while the app is also interacting over a network connection to an API server by making API calls to the API server and using the responses. An intermediary is provided between the API server and user devices/clients that modifies application programming interface interactions to disrupt automated attacks on those client-server interactions, at least as to those API interfaces that are known to be human-interaction API interfaces. The human-interaction API calls are disassociated to thwart automated attacks using those API calls. The disassociation can be provided through the use of user interface builder packages to provide instructions to the app as to performing human user interaction. Disassociating can be done by separating labels from their meaning, such as by assigning random values to the labels or other methods of obfuscating relations and structure.
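Application publication number: US2016011732(A1) Application publication date: 2016.01.14
Application number: US201414329718 Filing date: 2014.07.11
Applicant: Shape Security, Inc. Inventor: Yang Siying
Classification number: G06F3/0484 Main classification number: G06F3/0484
Agency: Agent: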
Principal claim: 1. For use with a user device comprising an electronic device having a human user interface, client software that can execute on the user device, the client software comprising: a native application that performs at least one human interface operation that requires human user input or output for proper execution of the at least one human interface operation and that performs at least one application programming interface (“API”) operation that uses an API for proper execution of the at least one API operation; an interface requestor that requests from an API server or its agent a user interface builder package corresponding to the native application; storage for user interface builder packages retrieved from the API server or its agent; and a user interface builder that receives requests from the native application for human interface associated with an API call, generates a user interface element according to the request and the user interface builder package, performs the human interface operations or has the native application perform them, and indicates at least one parameter for the API call, wherein structure of the API call is disassociated in the user interface builder package so as to prevent at least some attempts to simulate the at least human interface operation using an automated process.
Address: Palo Alto CA US