Detection and prevention of malicious script attacks using behavioral analysis of run-time script execution events

Assignee

• Akamai Technologies, Inc. · US

Inventors

• Maor Hod · Ramat Gan, IL
• Ziv Eli · Nes Ziona, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N3/045
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and system of detecting script-based attacks. In this approach, behavioral analysis is performed against a traceable data structure, preferably in the form of a call flow graph (CFG) that is generated at an instrumented end user client browser. The CFG comprises a set of runtime JavaScript execution data points and one or more associated event chains that include the execution data points and their relative ordering. It is generated in a client browser in association with an interaction with a page, and it represents a context-based record of that specific interaction. By collecting similar CFGs from other such interactions with that page, the system identifies execution flow anomalies that represent malicious JavaScript attack(s). These attacks can then be mitigated, e.g., by updating the page or access policy associated with the page such that the attack cannot be successfully executed against other users interacting with the page.