×

Malicious script detection using context-dependent script emulation

  • US 9,444,831 B1
  • Filed: 10/22/2015
  • Issued: 09/13/2016
  • Est. Priority Date: 06/07/2010
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented process for detecting malicious scripts at a client computer, the process comprising:

  • requesting and receiving by the client computer a web page comprising script fragments from a web server;

    intercepting the web page before any script fragment in the web page is executed by the client computer;

    checking variables and function names present in the script fragments against a local database of known-good contexts including uniform resource locators (URLs) of legitimate third-party javascript libraries and URLs of site-specific javascript libraries, wherein the local database is updated periodically by downloading from a remote database residing on a dedicated security server, and wherein the security server obtains the third-party javascript libraries from a global framework whitelist and performs site framework discovery to obtain the site-specific javascript libraries;

    classifying a script fragment in the script fragments as a known-good good script fragment and non-malicious, and then discarding the script fragment from the script fragments if a known-good context is present in the script fragment; and

    performing emulation only on remaining script fragments to determine if the remaining script fragments are malicious or non-malicious.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×