WO2016127233A1 - Assistive technology for anti-malware software - Google Patents

Assistive technology for anti-malware software Download PDF

Info

Publication number
WO2016127233A1
WO2016127233A1 PCT/BR2016/000011 BR2016000011W WO2016127233A1 WO 2016127233 A1 WO2016127233 A1 WO 2016127233A1 BR 2016000011 W BR2016000011 W BR 2016000011W WO 2016127233 A1 WO2016127233 A1 WO 2016127233A1
Authority
WO
WIPO (PCT)
Prior art keywords
web
browser
data set
component
local
Prior art date
Application number
PCT/BR2016/000011
Other languages
French (fr)
Inventor
Paulo Márcio FIGUEIREDO ALVES
Original Assignee
Gas Informatica Ltda
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gas Informatica Ltda filed Critical Gas Informatica Ltda
Publication of WO2016127233A1 publication Critical patent/WO2016127233A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • Mai ware is particular type of software used to interfere with normal computer operations. Malware is sometimes used to generally gain access to computer systems, gather information, or display unwanted materials, such as advertising.
  • malware There currently exist several strategies to address malware.
  • One strategy is to scan for and address malware existing on a machine. Such resolutions generally include particular measures to address specific malware already infecting a machine.
  • Another strategy is to monitor for and attempt to detect malware as it is received by a machine.
  • Such a strategy typically includes a local agent that monitors data received by a machine.
  • the local agent is usually an executable running on the local machine. As such, the local agent must wait for the potential malware to come to the local machine and constantly analyze the data stream of the application that has requested the potential malware.
  • This relates more particularly to anti-malware software with an assistive technology module.
  • anti-malware software has two components that work in coordination: a browser component and a local-server component.
  • the browser component runs within a web browser or other suitable application, and the browser component receives and forwards at least one web-related data set to the local-server component via an assistive- technology module.
  • the local-server component executes an algorithm on the at least one web- related data set or portions of the at least one web-related data set.
  • the algorithm may be an anti- malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.
  • FIG. 1 is a schematic illustration of a system including anti-malware software with assistive technology.
  • FIG. 2 is a schematic representation of portion of a process running on the system of Fig. 1.
  • FIG. 3 is an illustration similar to Fig. 2, but showing another portion of the process.
  • FIG. 4 is an illustration similar to Fig. 2, but showing another portion of the process.
  • FIG. 5 is an illustration similar to Fig. 2, but showing another portion of the process.
  • Fig. 6 is an illustration similar to Fig. 2, but showing another portion of the process.
  • FIG. 7 is an illustration similar to Fig. 2, but showing another portion of the process.
  • Fig.8 is an illustration similar to Fig. 2, but showing another portion of the process.
  • FIG. 9 is an illustration similar to Fig. 2, but showing another portion of the process.
  • Fig. 10 is an illustration similar to Fig. 2, but showing another portion of the process.
  • Fig. 1 1 is a schematic illustration similar to Fig. 1 , but showing a system of another embodiment.
  • Fig. 12 is a schematic representation of portion of a process running on the system of Fig. 1 1.
  • Fig. 13 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 14 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 15 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 16 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 17 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 18 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 19 is an illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 20 is a illustration similar to Fig. 12, but showing another portion of the process.
  • Fig. 21 is an illustration similar to Fig. 12, but showing another portion of the process.
  • anti-malware software has two components that work in coordination: a browser component and a local-server component.
  • the browser component runs within a web browser, e.g., Microsoft/Windows Internet Explorer, Google Chrome, Firefox, Opera, or other suitable application, and the browser component receives and forwards at least one web-related data set to the local-server component via an assistive-technoiogy module.
  • the local-server component executes an algorithm on the at least one web-related data set or portions of the at least one web-related data set.
  • the algorithm may be an anti- malware algorithm directed -to determining whether the at least one web-related data set is either an authentic data set or potential malware.
  • a computer 2 for receiving web data 6 from a web server 4.
  • the computer 2 includes a web browser 16 retrieving, presenting, traversing, and/or interacting with resources on the World Wide Web or other network structure, such as web server 4.
  • web data and “web server” are to include any data presented from or sever on any suitable network arrangement and that "web browser” is to include any application suitable for the computer 2 to interact with a resource on the World Wide Web or other suitable networking arrangement.
  • web browser 16 receives web data 6 from web server 4.
  • the web data 6 includes any of certain data sets, such as particular Uniform Resource Identifiers (URls), that is either a Uniform Resource Locator (URL) or a Uniform Resource Name (URN), or web addresses or other unique identifier, certain data requests, inclusion of executable files or zip files, the presence of unidentifiable data and/or any other predetermined data set, the browser component 12 creates an web-page tag, which may be transparent or invisible to a user.
  • the web-page tag includes a local server-component request that may be detected by web browser 16.
  • the web browser 16 makes an assistive call to an assistive-technoiogy module 20; in making the call, the tag is also forwarded to the assistive technology module 20.
  • the assistive technology module 20 then notifies a local-server component 14 of this assistive event and additionally forwards the tag to server component 14.
  • the local-server component 14 executes an algorithm upon at least a portion of the tag data.
  • the algorithm may be an anti- malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.
  • the local-server component 14 may subsequently then make a browser call to web browser 16.
  • the browser call from local-server component 14 to web browser 16 may include the result of the executed algorithm.
  • the browser call may include instructions to the web browser to continue processing the web data 6, to limit the processing of web data 6 or to terminate the processing of web data 6.
  • web browser 16 subsequently provides the result of the executed algorithm to the user and/or to the browser component 12 (as will be further discussed below).
  • web browser 16 may continue processing the web data 6, limit the processing of web data 6 or terminate the processing of web data 6, as instructed in the browser call.
  • the local-server component 14 registers with an operating system of computer 2 that contains the assistive-technology module 20 and/or registers directly with the assistive-technology module 20.
  • the assistive-technology module 20 may be any suitable assistive technology module 20, for example Windows Assistive Service.
  • the assistive-technology module 20 may notify the local-server component 14 of accessibility events. This may enable the local-server component 14 to effectively monitor accessibility events in real time.
  • the browser component 12 initiates a request to the local- server component 14 by creating a web-page tag that, for example, includes a request in the value field of the tag; the request may include a data set that is a webpage or a website URL or other appropriate data optionally in combination with an instruction for a particular algorithm to be executed upon at least a portion of data set.
  • the web browser 16 is also shown illustratively to provide context.
  • Fig. 5 it is shown that in response to the web-page tag being created by the browser component 12, the browser component 12 or the web browser 16 notifies the operating system of computer 2 and/or the assistive-technology module 20.
  • the web-page tag or a modified version of the tag is sent from the browser component 12 or the web browser 16 to the operating system of the computer 2 or the assistive-technology module 20 as an argument(s).
  • the operating system of the computer 2 or the assistive-technology module 20 subsequently alerts the local-server component 14 of this accessibility event by sending the local-server component 14 an assistive message.
  • the web browser 16 is also informed with this assistive message.
  • Fig. 7 shows the local-server component 14 monitoring for accessibility events and associated assistive messages, in response to receiving an assistive message that includes new tag or a modified version of new tag with or without arguments, the local-server component 14 executes an algorithm on at least a portion of the data set in the tag or version of the tag.
  • the algorithm is a black-list or white-list comparison of a URL or other data within the tag or modified version tag; the algorithm may be directed to determining whether URL or other data is authentic.
  • the local-server component 14 sends a reply communication to web browser 16.
  • the reply may optionally include a representation of the result(s) from the algorithm alone or in combination with additional data.
  • the reply of the local-server component 14 to the web browser 16 may cause a new tab to open within the web browser 16. This may occur because the reply includes URL or other data identified in the tag or a modified version of the tag.
  • a new browser tab may open with the webpage associated with URL or other data. Additionally, the reply from the local-server component 14 may also causes browser component 12 to execute a code that, for example, processes hash of the page (i.e., everything that is after the # in the call from local-server component 14).
  • FIGs. 1 1 -21 illustrate a system of another embodiment similar to system illustrated in Figs. 1-10.
  • FIGs. 1 1 -21 illustrate a system of another embodiment similar to system illustrated in Figs. 1-10.

Abstract

Anti-malware software has two components that work in coordination: a browser component and a local-server component. The browser component runs within a web browser or other suitable application, and the browser component receives and forwards at least one web- related data set to the local-server component via an assistive-technology module. In response to receiving the at least one web-related data set sent from the browser component, the local-server component executes an algorithm on the at least one web-related data set or portions of the at least one web-related data set. As an example, the algorithm may be an anti-malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.

Description

ASSISTIVE TECHNOLOGY FOR ANTI- ALWARE SOFTWARE
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority to and the benefit of U.S. Provisional Patent Application No. 62/1 14,394 filed 10 February 2015, the contents of which are hereby incorporated by reference in their entirety.
BACKGROUND
[0002] This relates in general to anti-malware software.
[0003] Mai ware (malicious software) is particular type of software used to interfere with normal computer operations. Malware is sometimes used to generally gain access to computer systems, gather information, or display unwanted materials, such as advertising.
[0004] There currently exist several strategies to address malware. One strategy is to scan for and address malware existing on a machine. Such resolutions generally include particular measures to address specific malware already infecting a machine. Another strategy is to monitor for and attempt to detect malware as it is received by a machine. Such a strategy typically includes a local agent that monitors data received by a machine. The local agent is usually an executable running on the local machine. As such, the local agent must wait for the potential malware to come to the local machine and constantly analyze the data stream of the application that has requested the potential malware.
SUMMARY
[0005] This relates more particularly to anti-malware software with an assistive technology module.
[0006] In at least one embodiment, anti-malware software has two components that work in coordination: a browser component and a local-server component. The browser component runs within a web browser or other suitable application, and the browser component receives and forwards at least one web-related data set to the local-server component via an assistive- technology module. In response to receiving the at least one web-related data set sent from the browser component, the local-server component executes an algorithm on the at least one web- related data set or portions of the at least one web-related data set. As an example, the algorithm may be an anti- malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.
[0007] Various aspects will become apparent to those skilled in the art from the following detailed description and the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] Fig. 1 is a schematic illustration of a system including anti-malware software with assistive technology.
[0009] Fig. 2 is a schematic representation of portion of a process running on the system of Fig. 1.
[0010] Fig. 3 is an illustration similar to Fig. 2, but showing another portion of the process.
[0011] Fig. 4 is an illustration similar to Fig. 2, but showing another portion of the process.
[0012] Fig. 5 is an illustration similar to Fig. 2, but showing another portion of the process.
[0013] Fig. 6 is an illustration similar to Fig. 2, but showing another portion of the process.
[0014] Fig. 7 is an illustration similar to Fig. 2, but showing another portion of the process.
[0015] Fig.8 is an illustration similar to Fig. 2, but showing another portion of the process.
[0016] Fig. 9 is an illustration similar to Fig. 2, but showing another portion of the process.
[0017] Fig. 10 is an illustration similar to Fig. 2, but showing another portion of the process.
[0018] Fig. 1 1 is a schematic illustration similar to Fig. 1 , but showing a system of another embodiment. [0019] Fig. 12 is a schematic representation of portion of a process running on the system of Fig. 1 1.
[0020] Fig. 13 is an illustration similar to Fig. 12, but showing another portion of the process.
[0021] Fig. 14 is an illustration similar to Fig. 12, but showing another portion of the process.
[0022] Fig. 15 is an illustration similar to Fig. 12, but showing another portion of the process.
[0023] Fig. 16 is an illustration similar to Fig. 12, but showing another portion of the process.
[0024] Fig. 17 is an illustration similar to Fig. 12, but showing another portion of the process.
[0025] Fig. 18 is an illustration similar to Fig. 12, but showing another portion of the process.
[0026] Fig. 19 is an illustration similar to Fig. 12, but showing another portion of the process.
[0027] Fig. 20 is a illustration similar to Fig. 12, but showing another portion of the process.
[0028] Fig. 21 is an illustration similar to Fig. 12, but showing another portion of the process.
DETAILED DESCRIPTION
[0029] In at least one embodiment, anti-malware software has two components that work in coordination: a browser component and a local-server component. The browser component runs within a web browser, e.g., Microsoft/Windows Internet Explorer, Google Chrome, Firefox, Opera, or other suitable application, and the browser component receives and forwards at least one web-related data set to the local-server component via an assistive-technoiogy module. In response to receiving the at least one web-related data set sent from the browser component, the local-server component executes an algorithm on the at least one web-related data set or portions of the at least one web-related data set. As an example, the algorithm may be an anti- malware algorithm directed -to determining whether the at least one web-related data set is either an authentic data set or potential malware.
[0030] Referring now to the drawings, there is illustrated in Fig. 1 a computer 2 for receiving web data 6 from a web server 4. The computer 2 includes a web browser 16 retrieving, presenting, traversing, and/or interacting with resources on the World Wide Web or other network structure, such as web server 4. It must be understood that "web data" and "web server" are to include any data presented from or sever on any suitable network arrangement and that "web browser" is to include any application suitable for the computer 2 to interact with a resource on the World Wide Web or other suitable networking arrangement.
[0031] In operation, web browser 16 receives web data 6 from web server 4. When the web data 6 includes any of certain data sets, such as particular Uniform Resource Identifiers (URls), that is either a Uniform Resource Locator (URL) or a Uniform Resource Name (URN), or web addresses or other unique identifier, certain data requests, inclusion of executable files or zip files, the presence of unidentifiable data and/or any other predetermined data set, the browser component 12 creates an web-page tag, which may be transparent or invisible to a user. The web-page tag includes a local server-component request that may be detected by web browser 16. In response to detecting the web-page tag, the web browser 16 makes an assistive call to an assistive-technoiogy module 20; in making the call, the tag is also forwarded to the assistive technology module 20. In response to receiving the call, the assistive technology module 20 then notifies a local-server component 14 of this assistive event and additionally forwards the tag to server component 14. In response to receiving the web-page tag, the local-server component 14 executes an algorithm upon at least a portion of the tag data. The algorithm may be an anti- malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware. The local-server component 14 may subsequently then make a browser call to web browser 16. The browser call from local-server component 14 to web browser 16 may include the result of the executed algorithm. The browser call may include instructions to the web browser to continue processing the web data 6, to limit the processing of web data 6 or to terminate the processing of web data 6. In response to receiving the browser call, web browser 16 subsequently provides the result of the executed algorithm to the user and/or to the browser component 12 (as will be further discussed below). In response to receiving the browser call, web browser 16 may continue processing the web data 6, limit the processing of web data 6 or terminate the processing of web data 6, as instructed in the browser call.
[0032] As shown in Fig. 2, the local-server component 14 registers with an operating system of computer 2 that contains the assistive-technology module 20 and/or registers directly with the assistive-technology module 20. The assistive-technology module 20 may be any suitable assistive technology module 20, for example Windows Assistive Service. In response to registration, the assistive-technology module 20 may notify the local-server component 14 of accessibility events. This may enable the local-server component 14 to effectively monitor accessibility events in real time.
[0033] Referring to Figs. 3 and 4, the browser component 12 initiates a request to the local- server component 14 by creating a web-page tag that, for example, includes a request in the value field of the tag; the request may include a data set that is a webpage or a website URL or other appropriate data optionally in combination with an instruction for a particular algorithm to be executed upon at least a portion of data set. The web browser 16 is also shown illustratively to provide context.
[0034] In Fig. 5 it is shown that in response to the web-page tag being created by the browser component 12, the browser component 12 or the web browser 16 notifies the operating system of computer 2 and/or the assistive-technology module 20. In at least one embodiment, the web-page tag or a modified version of the tag is sent from the browser component 12 or the web browser 16 to the operating system of the computer 2 or the assistive-technology module 20 as an argument(s).
[0035] It is illustrated in Fig. 6 that in response to being notified of the web-page tag (created by the browser component 12 and sent from the browser component 12 or the web browser 16), the operating system of the computer 2 or the assistive-technology module 20 subsequently alerts the local-server component 14 of this accessibility event by sending the local-server component 14 an assistive message. In at least one embodiment, the web browser 16 is also informed with this assistive message.
[0036] Fig. 7 shows the local-server component 14 monitoring for accessibility events and associated assistive messages, in response to receiving an assistive message that includes new tag or a modified version of new tag with or without arguments, the local-server component 14 executes an algorithm on at least a portion of the data set in the tag or version of the tag. In at least one embodiment, the algorithm is a black-list or white-list comparison of a URL or other data within the tag or modified version tag; the algorithm may be directed to determining whether URL or other data is authentic.
[0037] Referring to Fig. 8, the local-server component 14 sends a reply communication to web browser 16. The reply may optionally include a representation of the result(s) from the algorithm alone or in combination with additional data. In at least one embodiment, the reply of the local-server component 14 to the web browser 16 may cause a new tab to open within the web browser 16. This may occur because the reply includes URL or other data identified in the tag or a modified version of the tag.
[0038] It is illustrated in Fig. 9 that in response to receiving the reply from the local-server component 14, a new browser tab may open with the webpage associated with URL or other data. Additionally, the reply from the local-server component 14 may also causes browser component 12 to execute a code that, for example, processes hash of the page (i.e., everything that is after the # in the call from local-server component 14).
[0039] In Fig. 10, the original webpage that was waiting for a cookie, finds the cookie, excludes the request tag, and passes the response/algorithm result to the browser component 12.
[0040] Figs. 1 1 -21 illustrate a system of another embodiment similar to system illustrated in Figs. 1-10. [0041] While principles and modes of operation have been explained and illustrated with regard to particular embodiments, it must be understood, however, that this may be practiced otherwise than as specifically explained and illustrated without departing from its spirit or scope.

Claims

What is claimed is:
1. An anti-malware system comprising:
a computer having:
an assistive technology module,
a local-server component,
a browser application, and
a browser component running within the browser application,
where the browser component is operable to receive at least one web-related data set and forward the data set to the local-server component via the assistive-technology module
2. The system of Claim 1 where in response to receiving the at least one web-related data set sent from the browser component, the local -server component executes an algorithm on the at least one web-related data set or portions of the at least one web-related data set.
3. The system of Claim 2 where the algorithm is an anti- malware algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.
4. The system of Claim 1 where the data set includes at least one of a Uniform Resource Identifiers (URIs), that is either a Uniform Resource Locator (URL) or a Uniform Resource Name (URN), a web addresses, a data requests, an executable file, a zip file, unidentifiable data and a predetermined data set.
5. The system of Claim 1 where the browser component 12 creates a web-page tag, which is transparent or invisible to a user.
6. The system of Claim 5 where the web-page tag includes a local server-component request detectable by the web browser.
7. The system of Claim 6 where in response to detecting the web-page tag, the web browser makes an assistive call to the assistive-technology module and forwards the tag to the assistive technology module.
8. The system of Claim 7 where in response to receiving the call, the assistive technology module notifies the local-server component of an assistive event and forwards the tag to the server component.
9. The system of Claim 8 where in response to receiving the web-page tag, the local-server component executes an anti-malware algorithm upon at least a portion of the tag data, the algorithm directed to determining whether the at least one web-related data set is either an authentic data set or potential malware.
10. The system of Claim 9 where the local-server component subsequently then makes a browser call to the web browser including the result of the executed algorithm.
1 1. The system of Claim 10 where the browser call includes instructions to the web browser to one of continue processing the web data, limit the processing of web data, and terminate the processing of web data.
12 The system of Claim 10 where in response to receiving the browser call, web browser subsequently provides the result of the executed algorithm to the user or to the browser component.
13. The system of Claim 1 1 where in response to receiving the browser call, the web browser, one of continues processing the web data, limits the processing of web data, and terminates the processing of web data, as instructed in the browser call.
14. The system of Claim 1 where the local-server component is registered with an operating system of computer or registered with the assistive-technology module.
15. The system of Claim 14 where in response to registration, the assistive-technology module notifies the local-server component of accessibility events.
16. The system of Claim 1 where the browser component is operable to initiates a request to the local-server component 14 by creating a web-page tag that includes a request in a value field of the tag.
17. The system of Claim 16 where the request includes a data set that includes at least one of a webpage or a website URI.
18. The system of Claim 17 there the request further includes an instruction for a particular algorithm to be executed upon at least a portion of the data set.
19. The system of Claim 16 where in response to the web-page tag being created by the browser component, the browser component or the web browser notifies the operating system of the computer or the assistive-technology module of the tag.
20. The system of Claim 16 where the web-page tag or a modified version of the tag is sent from the browser component or from the web browser to the operating system of the computer or the assistive-technology module as an argument.
PCT/BR2016/000011 2015-02-10 2016-02-10 Assistive technology for anti-malware software WO2016127233A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562114394P 2015-02-10 2015-02-10
US62/114,394 2015-02-10

Publications (1)

Publication Number Publication Date
WO2016127233A1 true WO2016127233A1 (en) 2016-08-18

Family

ID=56614029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2016/000011 WO2016127233A1 (en) 2015-02-10 2016-02-10 Assistive technology for anti-malware software

Country Status (1)

Country Link
WO (1) WO2016127233A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130086681A1 (en) * 2011-10-03 2013-04-04 Webroot Inc. Proactive browser content analysis
US20130347115A1 (en) * 2004-10-29 2013-12-26 Microsoft Corporation Tagging obtained content for white and black listing
US8839431B2 (en) * 2008-05-12 2014-09-16 Enpulz, L.L.C. Network browser based virus detection

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130347115A1 (en) * 2004-10-29 2013-12-26 Microsoft Corporation Tagging obtained content for white and black listing
US8839431B2 (en) * 2008-05-12 2014-09-16 Enpulz, L.L.C. Network browser based virus detection
US20130086681A1 (en) * 2011-10-03 2013-04-04 Webroot Inc. Proactive browser content analysis

Similar Documents

Publication Publication Date Title
CN106936793B (en) Information interception processing method and terminal
CA2848655C (en) Providing a network-accessible malware analysis
US9043917B2 (en) Automatic signature generation for malicious PDF files
US9679136B2 (en) Method and system for discrete stateful behavioral analysis
US10148681B2 (en) Automated identification of phishing, phony and malicious web sites
US8726387B2 (en) Detecting a trojan horse
JP5599892B2 (en) Malware detection and response to malware using link files
CN107209831B (en) System and method for identifying network attacks
US8307434B2 (en) Method and system for discrete stateful behavioral analysis
JP2021503142A5 (en)
US20130298240A1 (en) Prioritizing Malicious Website Detection
US20050021791A1 (en) Communication gateway apparatus, communication gateway method, and program product
CN103384888A (en) Systems and methods for malware detection and scanning
JP2014513834A5 (en)
JP2015043204A (en) Detection of pattern co-occurring in dns
CN101667230A (en) Method and device for monitoring script execution
US7325185B1 (en) Host-based detection and prevention of malicious code propagation
US8789177B1 (en) Method and system for automatically obtaining web page content in the presence of redirects
TWI470468B (en) System and method for detecting web malicious programs and behaviors
US20130124687A1 (en) Apparatus and method for detecting modified uniform resource locator
US10616245B2 (en) Real-time remediation respective of security incidents
US20220210180A1 (en) Automated Detection of Cross Site Scripting Attacks
WO2016127233A1 (en) Assistive technology for anti-malware software
JP4298622B2 (en) Unauthorized access detection device, unauthorized access detection method, and unauthorized access detection program
EP2719141B1 (en) Method and device for security configuration

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16748495

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/01/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16748495

Country of ref document: EP

Kind code of ref document: A1