System and method for real-time malware detection based on web browser plugin

摘要

According to a method and system for real-time malware detection based on web browser plugin, the method and system may connect a web server of a web site through a web browser module, execute a security module through a browser plugin of the web site, update a database for a browser cache of the web site from the web server by the security module, cache a web content of the web site from the web server, match cache data of the web content with the database, and warn about the web content if data matched with the cache data of the web content does not exist in the database.

主权项

1. A method for real-time malware detection based on web browser plugin, the method comprising:
connecting a web server of a web site through a web browser module; installing a security module through a browser plugin of the web site if the security module for the web site is not installed on a host device; downloading a database for a browser cache of the web site from the web server by the security module, wherein the database includes a file name, a file type, an upload time, a file size, a file author, an IP address and a signature for each of web content of the web site; executing the security module through the browser plugin of the web site; updating the database for the browser cache of the web site from the web server by the security module; caching a web content of the web site from the web server; matching cache data of the web content with the database; and warning about the web content if data matched with the cache data of the web content does not exist in the database, wherein the security module matches the cache data of the web content with the database, whenever an information transmission is requested to the web server by a user, and wherein the matching of the cache data includes: searching data corresponding to the cache data of the web content in the database; determining whether a signature of the cache data is matched with a signature of the data corresponding to the cache data; determining a pass or fail for the signature of the web content based on whether the signature is matched or not; and updating a signature result of the web content in the database.