METHOD AND COMPUTER SYSTEM FOR DETERMINING A THREAT SCORE
Abstract
A method and a computer system are disclosed for determining a threat score of an electronic document comprising the steps of: loading and rendering the electronic document in a document sandbox, controlling the document sandbox to simulate user interaction with the electronic document, while loading and rendering the electronic document and while controlling the document sandbox to simulate user interaction with the electronic document, monitoring the document sandbox for events triggered by the electronic document and belonging to one of at least two predefined event classes, recording each observed event together with a respective event class to which each observed event belongs, and determining a threat score of the electronic document based on predefined numerical weights associated with each of the predefined event classes to which the recorded events belong.
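The pipeline described in the abstract, sketched as an added example (not code from the patent or its applicant): a toy stand-in for the document sandbox emits events on load and when navigation elements are activated, a monitor records each event with its class, and the score is computed from per-class weights. The event class names, the weight values, the `ToySandbox` interface and the choice to sum one weight per recorded event are all assumptions; the abstract only states that the score is based on predefined weights of the classes to which the recorded events belong.

```python
from dataclasses import dataclass, field

# Assumed event classes and weights (constructed for illustration; the page
# names neither the classes nor their values).
CLASS_WEIGHTS = {"network_request": 2, "file_write": 5, "process_spawn": 10}

@dataclass
class ToySandbox:
    """Constructed stand-in for a document sandbox: maps triggers to events."""
    on_load: list
    on_activate: dict                  # navigation element -> events it triggers
    listeners: list = field(default_factory=list)

    def _emit(self, events):
        for name, event_class in events:
            for listener in self.listeners:
                listener(name, event_class)

    def load_and_render(self):
        self._emit(self.on_load)

    def navigation_elements(self):
        return list(self.on_activate)

    def activate(self, element):
        self._emit(self.on_activate.get(element, []))

def analyse(sandbox, simulate_interaction=True):
    """Return (recorded events, threat score) for one sandbox run."""
    recorded = []
    def monitor(name, event_class):
        # Only events in a predefined class are recorded, with their class.
        if event_class in CLASS_WEIGHTS:
            recorded.append((name, event_class))
    sandbox.listeners = [monitor]      # monitoring starts before loading
    sandbox.load_and_render()
    if simulate_interaction:
        # Drive every navigation element the sandbox reports.
        for element in sandbox.navigation_elements():
            sandbox.activate(element)
    # Assumed aggregation: sum of the class weight of each recorded event.
    return recorded, sum(CLASS_WEIGHTS[c] for _, c in recorded)

def sample_document():
    # Constructed sample: quiet on load, active content behind one button.
    return ToySandbox(
        on_load=[("GET fonts.example", "network_request"), ("repaint", "ui")],
        on_activate={"link:page2": [],
                     "button:invoice": [("write tmp.bin", "file_write"),
                                        ("spawn helper", "process_spawn")]})
```

Running `analyse` on the sample with and without `simulate_interaction` shows why the claims monitor during simulated interaction as well as during loading: the heavily weighted events only occur once the button is activated.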
20 Claims
1. A method for determining a threat score of an electronic document, the method comprising the steps of:
- loading and rendering the electronic document in a document sandbox;
- querying a list of all available navigation elements in the electronic document from the document sandbox;
- controlling the document sandbox to simulate user interaction with the electronic document based on the queried list;
- while loading and rendering the electronic document and while controlling the document sandbox to simulate user interaction with the electronic document, monitoring the document sandbox for events triggered by the electronic document and belonging to one of at least two predefined event classes;
- recording each observed event together with a respective event class to which each observed event belongs; and
- determining the threat score of the electronic document based on predefined numerical weights associated with each of the predefined event classes to which the recorded events belong.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer program product for determining a threat score of an electronic document, the computer program product comprising program parts, which when loaded onto a computer are configured to:
- load and render the electronic document in a document sandbox;
- query a list of all available navigation elements in the electronic document from the document sandbox;
- control the document sandbox to simulate user interaction with the electronic document based on the queried list;
- while loading and rendering the electronic document and while controlling the document sandbox to simulate user interaction with the electronic document, monitor the document sandbox for events triggered by the electronic document and belonging to one of at least two predefined event classes;
- record each observed event together with a respective event class to which each observed event belongs; and
- determine the threat score of the electronic document based on predefined numerical weights associated with each of the predefined event classes to which the recorded events belong.
14. A computer system for determining a threat score of an electronic document, the computer system comprising:
- a document sandbox module for loading and rendering an electronic document;
- an interaction simulation module connected to the document sandbox module and configured to query the document sandbox for a list of all available navigation elements in the electronic document (10) and to control the document sandbox module to simulate user interaction with the electronic document based on the queried list;
- a monitoring module connected to the document sandbox module and configured to monitor the document sandbox module for events belonging to one of at least two predefined event classes and to record each observed event together with a respective event class to which each observed event belongs; and
- a scoring module connected to the monitoring module and configured to determine a threat score based on predefined numerical weights associated with each of the predefined event classes to which the events recorded by the monitoring module belong.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification