SYSTEM AND METHOD FOR DETECTING MALICIOUS CONTENT
Abstract
A system and method for detecting malicious code in web content is described. A controller receives information, routes the information to the appropriate module and determines whether a user receives the web content or a report of a detection of malicious code. A vulnerability definition generator generates vulnerability definitions. A parser parses web content into static language constructions. A translation engine translates the static language constructions into trap rules, translates the web content into application programming interface (API) calls and determines whether the API calls trigger any of the trap rules. A sandbox engine generates an environment that mimics a browser and executes dynamic parts of the web content and determines whether a dynamic part triggers a trap rule.
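The static path described in the abstract (vulnerability definitions become trap rules, web content is parsed and translated into API calls, and the calls are matched against the rules) is shown below as an added Python example; it is not code from the patent. The definition format, the `ExampleCtl` control, its `classid`, its method names and the regex-based call extraction are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
# Constructed, hypothetical definition format: API, argument index, unsafe condition.
VULN_DEFS = [
    {"id": "DEF-EXAMPLE-1", "api": "ExampleCtl.LoadUrl", "arg": 0, "max_len": 256},
    {"id": "DEF-EXAMPLE-2", "api": "ExampleCtl.SetPath", "arg": 0, "deny": r"\.\.[\\/]"},
]
CLSID_NAMES = {"clsid:example": "ExampleCtl"}  # constructed classid -> control name
# Static extraction only: obj.Method("literal"); run-time-built arguments are not seen.
CALL_RE = re.compile(r"(\w+)\.(\w+)\(\s*(['\"])(.*?)\3\s*\)")

def to_trap_rules(defs):
    """Translate each vulnerability definition into a predicate, grouped by API name."""
    rules = {}
    for d in defs:
        def check(args, d=d):
            value = args[d["arg"]] if len(args) > d["arg"] else ""
            too_long = len(value) > d.get("max_len", float("inf"))
            return too_long or bool(re.search(d.get("deny", r"(?!)"), value))
        rules.setdefault(d["api"], []).append((d["id"], check))
    return rules

class StaticParser(HTMLParser):
    """Collect static constructs: <object> declarations and inline script text."""
    def __init__(self):
        super().__init__()
        self.objects, self.scripts, self._in_script = {}, [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "object" and "id" in a:
            self.objects[a["id"]] = CLSID_NAMES.get((a.get("classid") or "").lower())
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def to_api_calls(html):
    """Translate the parsed constructs into (api_name, [args]) tuples."""
    p = StaticParser()
    p.feed(html)
    p.close()
    return [(f"{p.objects[o]}.{m}", [arg]) for src in p.scripts
            for o, m, _, arg in CALL_RE.findall(src) if p.objects.get(o)]

def scan(html, rules):
    """Return the ids of trap rules triggered by any extracted API call."""
    return [rid for api, args in to_api_calls(html) for rid, chk in rules.get(api, []) if chk(args)]
SAMPLE = '<object id="ctl" classid="clsid:example"></object><script>ctl.SetPath("../../x.cfg")</script>'  # constructed
```

Calls whose arguments are assembled at run time do not appear as literals, so this static pass misses them; the abstract assigns that case to the sandbox engine, which executes the dynamic parts.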
20 Claims
1. A computer-implemented method for detecting malicious code in web content, the method comprising:
- generating vulnerability definitions;
- translating vulnerability definitions into a trap rule;
- receiving web content;
- parsing web content into static language;
- translating static language into one or more application programming interface (API) calls; and
- determining whether any of the one or more API calls triggers the trap rule.
Dependent claims: 2, 3
4. A computer-implemented method for detecting malicious code in web content, the method comprising:
- loading vulnerability definitions and a trap rule for intercepting malicious code;
- receiving web content from a web server, the web content including at least one dynamic part;
- extracting metadata from a network protocol and the dynamic part of the web content;
- executing the dynamic part of the web content; and
- determining whether the dynamic part triggers the trap rule.
Dependent claims: 5, 6, 7, 8, 9, 10
11. A system for detecting malicious code in web content comprising:
- a controller for receiving information and routing the information to an appropriate module within the system;
- a vulnerability definition generator coupled to the controller, the vulnerability definition generator for generating vulnerability definitions;
- a parser coupled to the controller, the parser for receiving web content and parsing the web content into static language; and
- a translation engine coupled to the parser, the translation engine for receiving the vulnerability definitions, translating the vulnerability definitions into a trap rule, receiving the static language from the parser, translating the static language into one or more API calls and determining whether any of the application programming interface (API) calls trigger the trap rule.
Dependent claims: 12, 13, 14
15. A system for detecting malicious code in web content comprising:
- a controller for receiving information and routing the information to an appropriate module within the system, the controller also receiving web content that includes a dynamic part;
- an extractor coupled to the controller for extracting metadata from a network protocol and for extracting the dynamic part of the web content; and
- a sandbox coupled to the controller and the extractor for loading vulnerability definitions and a trap rule for intercepting malicious code, for executing the dynamic part of the web content, for evaluating vulnerability definitions and for determining whether the dynamic part triggers the trap rule.
Dependent claims: 16, 17, 18, 19, 20