Mitigating scripted attacks using dynamic polymorphism

US 9,438,625 B1
Filed: 09/09/2014
Issued: 09/06/2016
Est. Priority Date: 09/09/2014
Status: Active Grant

First Claim

Patent Images

1. A data processing system configured to improve resistance of a client computer to attacks and comprising:

one or more hardware processors;

script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer;

script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer;

wherein the script code is configured to;

improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements,repeatedly periodically execute in the client computer after loading in the client computer, andcause the transforming in a different manner at each time that the script code repeatedly periodically executes in the client computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a data processing system comprises one or more processors; script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer; script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer; wherein the script code is configured to improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements. As a result, the system and method herein improve resistance of the client computer to attacks.

160 Citations

20 Claims

1. A data processing system configured to improve resistance of a client computer to attacks and comprising:
- one or more hardware processors;
  
  script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer;
  
  script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer;
  
  wherein the script code is configured to;
  
  improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements,repeatedly periodically execute in the client computer after loading in the client computer, andcause the transforming in a different manner at each time that the script code repeatedly periodically executes in the client computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The data processing system of claim 1, wherein the script code is configured to cause the transforming using a pseudo-random transformation of the values of the elements.
  - 3. The data processing system of claim 1, wherein the script code comprises two or more segments of a particular obfuscated value, and wherein the script code is configured to cause transforming a particular value of a particular element of the source code into a particular combination of the two or more segments.
  - 4. The data processing system of claim 3, wherein the script code is configured to cause transforming the particular value of the particular element of the source code into a pseudo-randomly selected combination of the two or more segments.
  - 5. The data processing system of claim 3, wherein the script code is configured to cause transforming the particular value of the particular element of the source code into a randomly selected combination of the two or more segments.
  - 6. The data processing system of claim 1, wherein the script code is configured to repeatedly periodically execute in the client computer at time intervals specified using a time interval value in the script code, and wherein the script injection logic is configured to periodically update the time interval value in the script code to a different time interval value.
  - 7. The data processing system of claim 1, wherein the script code comprises JAVASCRIPT script code.

8. A data processing method of improving resistance of a client computer to attacks comprising:
- at an intermediary computer;
  
  obtaining a particular electronic document from a server computer;
  
  inserting a set of script code into source code of the electronic document to result in producing a modified electronic document;
  
  providing the modified electronic document to a client computer;
  
  wherein the script code is configured to;
  
  improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements,repeatedly periodically execute in the client computer after loading in the client computer, andcause the transforming in a different manner at each time that the script code repeatedly executes in the client computer.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The data processing method of claim 8, wherein the script code is configured to cause the transforming using a pseudo-random transformation of the values of the elements.
  - 10. The data processing method of claim 8, wherein the script code comprises two or more segments of a particular obfuscated value, and wherein the script code is configured to cause transforming a particular value of a particular element of the source code into a particular combination of the two or more segments.
  - 11. The data processing method of claim 10, wherein the script code is configured to cause transforming the particular value of the particular element of the source code into a pseudo-randomly selected combination of the two or more segments.
  - 12. The data processing method of claim 10, wherein the script code is configured to cause transforming the particular value of the particular element of the source code into a randomly selected combination of the two or more segments.
  - 13. The data processing method of claim 8, wherein the script code is configured to repeatedly periodically execute in the client computer at time intervals specified using a time interval value in the script code, and further comprising periodically updating the time interval value in the script code to a different time interval value.
  - 14. The data processing method of claim 8, wherein the script code comprises JAVASCRIPT script code.

15. A data processing method of improving resistance of a client computer to attacks comprising:
- using a security computer that is logically interposed between a server computer that generates HTML documents and a client computer, obtaining a HTML electronic document from the server computer;
  
  inserting a set of JAVASCRIPT script code into HTML source code of the HTML document to result in producing a modified HTML document;
  
  providing the modified HTML document to the client computer;
  
  wherein the JAVASCRIPT code is configured to;
  
  improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the HTML source code of the HTML document into obfuscated values of the one or more elements,repeatedly periodically execute in the client computer at time intervals specified using a time interval value in the JAVASCRIPT code after loading in the client computer, andperiodically updating the time interval value in the JAVASCRIPT code to a different time interval value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The data processing method of claim 15, wherein the JAVASCRIPT code is configured to cause the transforming using a pseudo-random transformation of the values of the elements.
  - 17. The data processing method of claim 15, wherein the JAVASCRIPT code comprises two or more segments of a particular obfuscated value, and wherein the JAVASCRIPT code is configured to cause transforming a particular value of a particular element of the HTML source code into a particular combination of the two or more segments.
  - 18. The data processing method of claim 17, wherein the JAVASCRIPT code is configured to cause transforming the particular value of the particular element of the HTML source code into a pseudo-randomly selected combination of the two or more segments.
  - 19. The data processing method of claim 17, wherein the JAVASCRIPT code is configured to cause transforming the particular value of the particular element of the HTML source code into a randomly selected combination of the two or more segments.
  - 20. The data processing method of claim 15, wherein the JAVASCRIPT code is configured to repeatedly periodically execute in the client computer, and wherein the JAVASCRIPT code is configured to cause the transforming in a different manner at each time that the JAVASCRIPT code repeatedly periodically executes in the client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Yang, Siying
Primary Examiner(s)
Leung, Robert

Application Number

US14/481,835
Time in Patent Office

728 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

Mitigating scripted attacks using dynamic polymorphism

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mitigating scripted attacks using dynamic polymorphism

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links