Detecting malicious scripts in a web page

Assignee

• Shape Security, Inc. · US

Inventors

• Tim Disney · Santa Clara, US
• Madhukar Nagaraja Kedlaya · Santa Clara, US
• Claire Schlenker Schlenker · Redwood City, US
• Nitish Khadke · Mountain View, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/53
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.