REAL-TIME MALICIOUS CODE INHIBITOR
First Claim
1. A computer-implemented method for real-time blocking, of malicious code from a string sent as a request to a server, comprising:
- splitting the string into a first string portion and a second string portion;
parsing a first portion substring from the first string portion;
comparing the first portion substring to a list of malicious codes;
blocking the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and
inserting a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for real-time blocking of malicious requests to a compute system and real-time removal of malicious code from such requests, by comparing the request information to a database of known and recorded malicious requests. If it is determined that the request is from an IP address that is restricted or has previously attacked another system, the request may be denied, the request information will be logged, the incident will be reported to the user and also SecurePlus if the user has subscribed to SecurePlus. If the request is not denied, it will be parsed and searched for inclusion of remote files, database code, programming code, known hacking terms, and user-supplied terms. If the presence of any of these items is detected, the request may be denied, the request information will be logged, the incident will be reported to the user and also SecurePlus if the user has subscribed to SecurePlus. If the request in question has been denied, a cookie will be inserted onto the requesting system to assist in detection of known attackers.
41 Citations
30 Claims
-
1. A computer-implemented method for real-time blocking, of malicious code from a string sent as a request to a server, comprising:
-
splitting the string into a first string portion and a second string portion; parsing a first portion substring from the first string portion; comparing the first portion substring to a list of malicious codes; blocking the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and inserting a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for real-time removal of malicious code from a string sent as a request to a server, the system comprising:
-
a processor; and memory comprising program/instructions, wherein the program instructions are executable by the processor to; split the string into a first string portion and a second string portion; parse a first portion substring from the first string portion; compare the first portion substring to a list of malicious codes; remove the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and insert a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-readable storage medium with an executable program stored thereon, wherein the program instructs a microprocessor to:
-
split the string into a first string portion and a second string portion; parse a first portion substring from the first string portion; compare the first portion substring to a list of malicious codes; remove the first portion substring from the first string portion, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes; and insert a cookie on a client system, if it is determined that the first portion substring matches at least one malicious code from the list of malicious codes, wherein the cookie prevents the client system from executing the malicious code. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification