Search International and National Patent Collections

1. (WO2018203775) SYSTEM AND METHOD FOR CHECKING WEB RESOURCES FOR THE PRESENCE OF MALICIOUS INSERTS

Pub. No.:    WO/2018/203775    International Application No.:    PCT/RU2018/000274
Publication Date: Fri Nov 09 00:59:59 CET 2018 International Filing Date: Fri Apr 27 01:59:59 CEST 2018
IPC: G06F 21/56
Applicants: RABINOVICH, Ilya Samuilovich
РАБИНОВИЧ, Илья Самуилович
Inventors: RABINOVICH, Ilya Samuilovich
РАБИНОВИЧ, Илья Самуилович
Title: SYSTEM AND METHOD FOR CHECKING WEB RESOURCES FOR THE PRESENCE OF MALICIOUS INSERTS
Abstract:
The invention relates to systems and methods for ensuring the safety of computer systems, and more particularly to systems and methods for checking protected web resources for the presence of malicious, potentially dangerous and undesirable inserts. A system for checking web resources for the presence of malicious inserts comprises an origin address search unit connected to an interpreter capable of interpreting all code execution directions in the event of conditional branching, a decision-making unit, a local database of safe elements, a local database of malicious elements, a data receiving and transmitting unit, a code and data correction unit, a decomposition and composition unit, and a dynamic analysis unit, wherein the interpreter is connected to the decision-making unit, which is connected to a unit of the local database of safe elements, and to a unit of the local database of malicious elements, the data receiving and transmitting unit, and the code and data correction unit, and the data receiving and transmitting unit is connected to the decomposition and composition unit which is connected to the dynamic analysis unit. A method for checking web resources for the presence of malicious inserts using the aforementioned checking system includes recursively parsing a web resource and analyzing the associated sources of information, for example the logs of the web resource, interpreting the code of the web resource and logging the interpretation step, wherein, in the event of interpretation of a conditional branching command, the interpretation step is duplicated, and interpretation of the code is continued in all directions defined by the conditional branching with one or more web pages being obtained in which potentially malicious elements are detected by comparing all elements of potentially malicious types with those contained in the local database of safe elements and in the local database of malicious elements; if unknown potentially malicious elements are detected, these elements are subjected to checking and dynamic analysis, whereupon a correspondence is established between each malicious element detected and the code on the site which introduced these elements into the source data.