Identification of normal scripts in computer systems
First Claim
1. A computer-implemented method of identifying normal scripts, the method comprising:
- receiving a machine learning model and a feature set in a client computer, the machine learning model being trained using sample scripts that are known to be normal and sample scripts that are known to be potentially malicious and takes into account lexical and semantic characteristics of the sample scripts that are known to be normal and the sample scripts that are known to be potentially malicious;
receiving a target script along with a web page in the client computer, the target script and the web page being received from a server computer over a computer network;
extracting from the target script features that are included in the feature set;
inputting the extracted features of the target script into the machine learning model to receive a classification of the target script from the machine learning model; and
detecting that the target script is a normal script and not a potentially malicious script based on the classification of the target script.
2 Assignments
0 Petitions
Accused Products
Abstract
A machine learning model is used to identify normal scripts in a client computer. The machine learning model may be built by training using samples of known normal scripts and samples of known potentially malicious scripts and may take into account lexical and semantic characteristics of the sample scripts. The machine learning model and a feature set may be provided to the client computer by a server computer. In the client computer, the machine learning model may be used to classify a target script. The target script does not have to be evaluated for malicious content when classified as a normal script. Otherwise, when the target script is classified as a potentially malicious script, the target script may have to be further evaluated by an anti-malware or sent to a back-end system.
-
Citations
19 Claims
-
1. A computer-implemented method of identifying normal scripts, the method comprising:
-
receiving a machine learning model and a feature set in a client computer, the machine learning model being trained using sample scripts that are known to be normal and sample scripts that are known to be potentially malicious and takes into account lexical and semantic characteristics of the sample scripts that are known to be normal and the sample scripts that are known to be potentially malicious; receiving a target script along with a web page in the client computer, the target script and the web page being received from a server computer over a computer network; extracting from the target script features that are included in the feature set; inputting the extracted features of the target script into the machine learning model to receive a classification of the target script from the machine learning model; and detecting that the target script is a normal script and not a potentially malicious script based on the classification of the target script. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A client computer comprising a processor configured to execute computer-readable program code stored non-transitory in a computer-readable medium, the computer-readable medium comprising:
-
a web browser; an anti-malware; a machine learning model; and a normal script identifier configured to receive a first script in the client computer, to determine whether the first script is a normal script by having the first script classified by the machine learning model, to allow the first script to be used by the web browser without first having the first script evaluated by the anti-malware for malicious content in response to detecting that the first script is a normal script and not a potentially malicious script, to receive a second script in the client computer, to detect that the second script is a potentially malicious script based on a classification of the second script by the machine learning model, and to initiate further examination of the second script by the anti-malware in response to detecting that the second script is a potentially malicious script. - View Dependent Claims (10, 11, 12)
-
-
13. A computer-implemented method of identifying normal scripts, the method comprising:
-
using a machine learning model to determine a classification of a first script in a client computer; detecting that the first script is a normal script based on the classification of the first script; foregoing evaluation of the first script by an anti-malware in response to detecting that the first script is a normal script; receiving a second script in the client computer; detecting that the second script is a potentially malicious script based on a classification of the second script by the machine learning model; and in response to detecting that the second script is a potentially malicious script, initiating further examination of the second script by the anti-malware. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification