SYSTEM AND METHOD FOR DETECTING MALICIOUS SCRIPT
First Claim
1. A system for detecting a malicious script, comprising:
- a script decomposition module for decomposing a web page into scripts;
a static analysis module for statically analyzing the decomposed scripts in the form of a document file;
a dynamic analysis module for dynamically executing and analyzing the decomposed scripts; and
a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique.
-
Citations
16 Claims
-
1. A system for detecting a malicious script, comprising:
-
a script decomposition module for decomposing a web page into scripts; a static analysis module for statically analyzing the decomposed scripts in the form of a document file; a dynamic analysis module for dynamically executing and analyzing the decomposed scripts; and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of detecting a malicious script, comprising:
-
decomposing a web page into scripts; statically analyzing the decomposed scripts in the form of a document file; executing and dynamically analyzing the decomposed scripts; and comparing a static analysis result and a dynamic analysis result to determine whether the decomposed scripts are malicious scripts. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification