Title of invention: METHOD AND SYSTEM FOR PREVENTING INJECTION-TYPE ATTACKS IN A WEB BASED OPERATING SYSTEM
Abstract: A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device is disclosed. The method requires (a) analyzing the widget at an App-Store to determine first invariant data; (b) recording within a metadata file first invariant data; (c) associating said metadata file with said widget, and supplying said widget within a user device; (d) upon running said widget, activating a monitoring module, analyzing the running widget and determining by said module a second invariants data, and comparing respectively said second determined invariant data with said first determined invariants data; and (e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
Publication number: US2016142437(A1)
Publication date: 2016.05.19
Application number: US201414542943
Application date: 2014.11.17
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventors: BESKROVNY Evgeny; HOCH Yaacov; MAIMON Maya
Classification: H04L29/06; G06F17/22; H04L29/08
Main classification: H04L29/06
Agency:
Agent:
Main claim: 1. A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device, which comprises: a) analyzing the widget at an App-Store to determine a first collection of invariants; b) recording within a metadata file first invariant data, said first invariant data being the determined first collection of invariants, a first structural representation of said invariants, or a first combination thereof; c) associating said metadata file with said widget, and supplying said widget, including said associated metadata file to within a user device; d) upon running said widget by a web based OS at said user device, activating a monitoring module, analyzing the running widget and determining by said module in a manner substantially the same as previously done at the App Store a second invariants data, said invariants data being a second collection of invariants, a second structural representation of said invariants, or a combination thereof, and comparing respectively said second determined invariant data with said first determined invariants data; and e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
Address: Gyeonggi-do KR