| 发明名称 |
DETECTION OF MALICIOUS SCRIPTING LANGUAGE CODE IN A NETWORK ENVIRONMENT |
| 摘要 |
A method is provided in one example embodiment and includes initiating an execution of a compiled script, evaluating a function called in the compiled script, detecting an execution event based on at least a first criterion, and storing information associated with the execution event in an execution event queue. The method also includes verifying a correlation signature based on information associated with at least one execution event in the execution event queue. In specific embodiments, the method includes evaluating an assignment statement of a script during compilation of the script by a compiler, detecting a compilation event based on at least a second criterion, and storing information associated with the compilation event in a compilation event queue. In yet additional embodiments, the verification of the correlation signature is based in part on information associated with one or more compilation events in the compilation event queue. |
| 申请公布号 |
US2015363598(A1) |
申请公布日期 |
2015.12.17 |
| 申请号 |
US201414761285 |
申请日期 |
2014.01.16 |
| 申请人 |
XU Chong;SUN Bing;SINGH Navtej;LIN Yichong;BU Zheng |
发明人 |
Xu Chong;Sun Bing;Singh Navtej;Lin Yichong;Bu Zheng |
| 分类号 |
G06F21/56 |
主分类号 |
G06F21/56 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. At least one machine accessible storage medium having instructions stored thereon for detecting malicious code in a script, wherein the instructions, when executed by at least one processor, cause the at least one processor to:
initiate an execution of a compiled script; evaluate a function called in the compiled script; detect an execution event based on at least a first criterion; store information associated with the execution event in an execution event queue; and verify a correlation signature based on information associated with at least one execution event in the execution event queue. |
| 地址 |
Sunnyvale CA US |
