METHOD AND SYSTEM FOR DETECTING EXECUTION OF A MALICIOUS CODE IN A WEB BASED OPERATING SYSTEM
First Claim
1. A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device, which comprises:
- a) introducing by an App-Store hooks to within the command stream of the widget;
b) running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file;
c) associating said metadata file with said widget, and supplying said widget, including said associated metadata file to within a user device which is substantially identical to said App-Store device;
d) upon running said widget by a web based OS at said user device, activating a monitoring module, determining by said module times durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations; and
e) issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for detecting a malicious code injected into the command stream of a widget running by a web-based OS at a device. The method is multi-stepped. Introducing by an App-Store hooks to within the command stream of the widget. Running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file. Associating said metadata file with said widget, and supplying said widget, and associated metadata file to within a user device. Upon running said widget by a web based OS at said user device, activating a monitoring module, determining durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations. And issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively.
-
Citations
11 Claims
-
1. A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device, which comprises:
-
a) introducing by an App-Store hooks to within the command stream of the widget; b) running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file; c) associating said metadata file with said widget, and supplying said widget, including said associated metadata file to within a user device which is substantially identical to said App-Store device; d) upon running said widget by a web based OS at said user device, activating a monitoring module, determining by said module times durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations; and e) issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification