Detection of malicious script operations using statistical analysis
US9038184B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 17, 2010 |
| Grant date | May 19, 2015 |
| Priority date | — |
| Expiry date | Mar 26, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A security server renders a plurality of web pages. The security server logs script operations of the plurality of web pages that are performed when the web pages are rendered. Sequences of script data values that result from the script operations are determined. The sequences of script data values are tagged as either malicious or non-malicious based on whether the script operations associated with the sequence of script data values resulted in abnormal behavior in the computer. A statistical analysis is performed on the malicious and non-malicious script data values to determine likelihoods that identified sequences of script data values represent malicious behavior. The security server generates security data based on the statistical analysis. The security data are provided to clients. The clients monitor script operations of web pages accessed by the clients, and use the security data to identify malicious script operations.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.