Financial sector protection systems (BotSense)

  • Project name: Financial sector protection systems (BotSense)
  • Website:
  • Source of funding: NASK product
  • Project goal: The purpose of the system is real-time detection of attempts at account hacking and unauthorised financial transactions caused by malicious software which tampers with the browsers of bank customers using electronic banking services.


BotSense was originally developed entirely by the CERT Poland department. The product detects modifications in client-side bank transaction systems. BotSense is dedicated to banks, which can install BotSense components in their internal systems and integrate them with electronic banking and SIEM threat analysis systems. BotSense utilises JavaScript code which is placed within the code of a transaction system and detects elements added by malicious software by checking signatures created based on CTI service data.


  • A GUI and automated webinject activity signature distribution mechanisms were developed.
  • New implementation and maintenance processes were created, adapted to SLA requirements.
  • A signature testing environment for various browsers and systems was developed.
  • A new, stable system version was developed in the form of a virtual machine with an altered GUI. Different system versions implemented for various clients began to be replaced with a single version.
  • By the end of 2017, the system was installed in seven Polish banks and one public administration institution.
  • A new version of the system, BotSense 2.0, will be developed in 2018, featuring more efficient architecture which will render it possible to implement new malware detection techniques. A module for protecting users of dedicated mobile applications is currently in production.