0

I have a user button touch sequence, which record ticks between user press this button and lift up. Such as 0.111,0.23,0.45,0.12 records user touch button 4 times, and first touch lasts for 0.111 s.

Some user is real human-being, and other is bots. Bots touch button by pseudo-random generator, maybe implemented like web.button.touch(random.uniform(0, 1))

So, How to detect whether a number sequence is generated by human random action or pseudo-random generator?

zhengchl
  • 341
  • 3
  • 7

1 Answers1

1

For any statistical test to make sense you need to have sufficient data. You can not decide anything based on 10 keystrokes. But if you have thousands of them, you can start doing something.

In your example, if you have some uniform distribution of values generated by a number generator, then your histogram will show this kind of distribution too.

I would assume (but don't take my word for it, do experiments yourself) that a human typing gives some kind of normal distribution. So the differentiation between human VS not-human would be the ability to distinguish between the two distributions based on a sufficient set of data.

EDIT:

Just as @Sam Mason mentioned - it only takes for a bot to know the trick to bypass this measure. So this feature will hold off your little sister, but not prevent a real hacker.

Marek Puchalski
  • 3,286
  • 2
  • 26
  • 35
  • tks, I have thousands of keystrokes, so statistical test maybe works. – zhengchl Jul 22 '21 at 10:40
  • 2
    durations can't be <0, so these variates can't be normal. log-normal or Gamma would seem more reasonable. that said, any semi-competent bot could easily replicate this distribution (if it knows it) to trick your code – Sam Mason Jul 22 '21 at 17:17