🛡️ 1. Introduction

GKTinc (GuardianKey – This Is Not CAPTCHA!) is a platform for intelligent protection and deterrence for web applications. It is designed to mitigate large-scale automated attacks, such as brute force, credential stuffing, endpoint enumeration, and denial of service, without compromising the legitimate user's experience.

Unlike traditional visual CAPTCHA-based solutions, GKTinc operates transparently and silently, applying cryptographic, behavioral, and analytical mechanisms directly in the HTTP request flow. The goal is not to "challenge the user", but to make automated attacks economically and computationally unviable.


🔹 Basic Dissuasion

At its core, GKTinc uses a cryptographic challenge executed in the browser via JavaScript, which must be solved automatically before a sensitive request is sent (for example, a login form submission).

This challenge:

  • Has no visual interface
  • Requires no user interaction
  • Imposes a computational cost negligible for humans but significant for bots at scale
  • Is dynamically adjusted according to the perceived risk of the origin

This approach replaces traditional CAPTCHAs, which rely on visual tests and fragile heuristics, often harm usability, and are already widely bypassed by AI and specialized services.
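A sketch of how a silent, risk-scaled challenge of the kind described above can work, added here as an example and not taken from GKTinc. The page does not specify GKTinc's algorithm, so the hashcash-style SHA-256 puzzle, the risk-to-difficulty mapping and every function name are assumptions; Node's `crypto` module stands in for the browser so that both sides run in one file.

```javascript
const nodeCrypto = require('node:crypto');
const SERVER_KEY = nodeCrypto.randomBytes(32); // constructed per-deployment secret
const spent = new Set();                       // nonces already redeemed (replay guard)

// Assumed policy: risk score in [0, 1] maps to 8..20 required leading zero bits.
const difficultyFor = (risk) => 8 + Math.round(Math.min(Math.max(risk, 0), 1) * 12);

const sign = (payload) =>
  nodeCrypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');

// Server: issue a stateless signed challenge "nonce.bits.expiry.mac".
function issueChallenge(risk, now = Date.now(), ttlMs = 60000) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const payload = `${nonce}.${difficultyFor(risk)}.${now + ttlMs}`;
  return `${payload}.${sign(payload)}`;
}

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

const powHash = (challenge, counter) =>
  nodeCrypto.createHash('sha256').update(`${challenge}:${counter}`).digest();

// Client: search for a counter; expected work doubles with each extra bit.
function solve(challenge) {
  const bits = Number(challenge.split('.')[1]);
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(powHash(challenge, counter)) >= bits) return counter;
  }
}

// Server: check signature, expiry and reuse, then verify with a single hash.
function verify(challenge, counter, now = Date.now()) {
  const parts = String(challenge).split('.');
  if (parts.length !== 4 || !Number.isSafeInteger(counter)) return false;
  const [nonce, bits, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${nonce}.${bits}.${expiry}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return false;
  if (now > Number(expiry) || spent.has(nonce)) return false;
  if (leadingZeroBits(powHash(challenge, counter)) < Number(bits)) return false;
  spent.add(nonce);
  return true;
}
```

The asymmetry is the point: the client performs about 2^bits hashes on average while the server performs one, and the HMAC over the difficulty field stops a client from downgrading its own challenge.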


🔹 Advanced Dissuasion (Enhanced Dissuasion)

The evolution of GKTinc introduces Advanced Dissuasion, a module that turns the system into a full web-application protection engine, combining multiple layers of real-time analysis and decision-making.

In addition to the cryptographic challenge, Advanced Dissuasion incorporates:

  • Reputation-based risk assessment (Threat Intelligence / OSINT)
  • Dynamic per-request risk scoring
  • Group-oriented access policies, with automatic allow-or-block decisions
  • GeoFirewall, with country-level controls
  • Behavioral analysis, including mouse movement for automation detection
  • Path (GET) analysis to identify malicious patterns
  • Anomaly analysis in POST requests, using Machine Learning to detect deviations from the application's expected behavior

With this, each request is evaluated in terms of context, behavior, and reputation, enabling a precise, auditable, and risk-proportional decision, without relying on visual interventions or unnecessary friction for legitimate users.