| 发明名称 |
METHOD AND SYSTEM FOR DETECTING EXECUTION OF A MALICIOUS CODE IN A WEB BASED OPERATING SYSTEM |
| 摘要 |
A method for detecting a malicious code injected into the command stream of a widget running by a web-based OS at a device. The method is multi-stepped. Introducing by an App-Store hooks to within the command stream of the widget. Running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file. Associating said metadata file with said widget, and supplying said widget, and associated metadata file to within a user device. Upon running said widget by a web based OS at said user device, activating a monitoring module, determining durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations. And issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively. |
| 申请公布号 |
US2016127412(A1) |
申请公布日期 |
2016.05.05 |
| 申请号 |
US201414533194 |
申请日期 |
2014.11.05 |
| 申请人 |
SAMSUNG ELECTRONICS CO., LTD. |
发明人 |
BESKROVNY Evgeny;HOCH Yaacov |
| 分类号 |
H04L29/06;H04L29/08 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device, which comprises:
a) introducing by an App-Store hooks to within the command stream of the widget; b) running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file; c) associating said metadata file with said widget, and supplying said widget, including said associated metadata file to within a user device which is substantially identical to said App-Store device; d) upon running said widget by a web based OS at said user device, activating a monitoring module, determining by said module times durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations; and e) issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively. |
| 地址 |
Gyeonggi-do KR |
