System and method for blocking execution of scripts
First Claim
1. A method for blocking execution of malicious scripts, the method comprising:
- intercepting, by a processor of a client, a script requested by the client from a server by providing, on the client, a driver configured to intercept network script requests by rerouting at least one transmission channel of the script from the client to the driver;
generating, by the processor, a bytecode of the intercepted script;
computing, by the processor, a hash sum of the generated bytecode;
determining, by the processor, a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database;
identifying, by the processor, a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity;
determining, by the processor, a coefficient of trust of the similar hash sum;
determining, by the processor, whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and
blocking, by the processor, the execution of the malicious script on the client.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are exemplary aspects of systems and methods for blocking execution of scripts. An exemplary method comprises: intercepting a request for a script from a client to a server; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client.
-
Citations
15 Claims
-
1. A method for blocking execution of malicious scripts, the method comprising:
-
intercepting, by a processor of a client, a script requested by the client from a server by providing, on the client, a driver configured to intercept network script requests by rerouting at least one transmission channel of the script from the client to the driver; generating, by the processor, a bytecode of the intercepted script; computing, by the processor, a hash sum of the generated bytecode; determining, by the processor, a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying, by the processor, a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining, by the processor, a coefficient of trust of the similar hash sum; determining, by the processor, whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking, by the processor, the execution of the malicious script on the client. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for blocking execution of malicious scripts, the system comprising:
-
a hardware processor of a client configured to; intercept a script requested by the client from a server by providing, on the client, a driver configured to intercept network script requests by rerouting at least one transmission channel of the script from the client to the driver; generate a bytecode of the intercepted script; compute a hash sum of the generated bytecode; determine a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identify a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determine a coefficient of trust of the similar hash sum; determine whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and block the execution of the malicious script on the client. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable medium storing computer executable instructions for blocking execution of malicious scripts, including instructions for:
-
intercepting a script requested by a client from a server by providing, on the client, a driver configured to intercept network script requests by rerouting at least one transmission channel of the script from the client to the driver; generating a bytecode of the intercepted script; computing a hash sum of the generated bytecode; determining a degree of similarity between the hash sum of the bytecode and a plurality of hash sums of malicious and clean scripts stored in a database; identifying a similar hash sum from the database whose degree of similarity with the hash sum of the bytecode is within a threshold of similarity; determining a coefficient of trust of the similar hash sum; determining whether the requested script is malicious based on the degree of similarity and the coefficient of trust of the similar hash sum; and blocking the execution of the malicious script on the client. - View Dependent Claims (12, 13, 14, 15)
-
Specification