APPARATUS AND METHOD FOR DETECTING OBFUSCATED MALICIOUS WEB PAGE
First Claim
1. An apparatus for detecting an obfuscated malicious web page, comprising:
- an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page;
a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code;
a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code; and
a malicious code detector that detects a malicious code using the deobfuscated code.
2 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.
66 Citations
13 Claims
-
1. An apparatus for detecting an obfuscated malicious web page, comprising:
-
an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page; a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code; a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code; and a malicious code detector that detects a malicious code using the deobfuscated code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for detecting an obfuscated malicious web page, comprising:
-
determining whether an obfuscated code is included in a source code of a web page; reconfiguring, when the obfuscated code is included, the source code by inserting a function for deobfuscating the obfuscated code into the source code; and deobfuscating the obfuscated code using the reconfigured source code and detecting a malicious code using the deobfuscated code. - View Dependent Claims (10, 11, 12, 13)
-
Specification