FIELD: information technology.
SUBSTANCE: invention relates to antivirus technologies. System for blocking script execution, requested by a client from a server comprises: a) interception means intended for: interception of at least one script, requested by client from server, sending intercepted script to intermediate code generation means, and blocking execution of intercepted script when deciding that intercepted script is malicious; b) said intermediate code generation means, intended for: generating a byte-code of intercepted script, where byte-code represents a set of codes of operations, consisting of at least one code contained in intercepted script; and sending generated byte-code to a hash sum calculating means; c) said hash sum calculating means is designed to calculate a hash sum from generated byte-code; and sending calculated hash sum to search means; d) hash sum database intended for storage of at least one group, which is a set of data, including: at least two hash sums, at least one degree of similarity of at least two hash sums; e) said search means for sampling from hash sum database of at least one group, wherein at least one hash sum has a hash sum calculated by hash sum calculating means, degree of similarity according to established threshold value of similarity; and sending at least one selected group and degree of similarity to analysis means; f) verdict template database for: storing verdict templates, wherein each verdict template represents a set of data, including at least one said group of hash sum database; verdict template trust factor, which is a numerical value; g) said analysis means designed for sampling from verdict template database of at least one verdict template, including at least one group for which degree of similarity with at least one group selected by search means corresponds to set threshold value; and sending verdict template trust coefficient from selected verdict template and degree of similarity to verdict means; h) said verdict means intended for judging whether script intercepted by interception means, is malicious based on at least one verdict template trust factor received from analysis means and at least one degree of similarity of hash sums received from search means; and sending judgement to interception means.
EFFECT: technical result of present invention is ensuring safety of computer system, on which a client is operating, and counteracting embedded malicious script on computer system, on which a client is operating, from a server by blocking execution of a script requested by a client from a server, if requested script is considered malicious as a result of inspection.
16 cl, 3 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD FOR DETECTING PHISHING SCRIPTS | 2015 |
|
RU2622626C2 |
| SYSTEM AND METHOD OF CLASSIFYING OBJECTS OF COMPUTER SYSTEM | 2018 |
|
RU2724710C1 |
| SYSTEM AND METHOD OF MACHINE TRAINING MODEL OF DETECTING MALICIOUS FILES | 2017 |
|
RU2673708C1 |
| SYSTEM AND METHOD OF CLASSIFICATION OF OBJECTS | 2017 |
|
RU2679785C1 |
| SYSTEM AND METHOD OF DETECTION OF MALICIOUS FILES USING A TRAINED MALWARE DETECTION PATTERN | 2017 |
|
RU2654151C1 |
| SYSTEM AND METHOD OF DETECTING A MALICIOUS FILE | 2018 |
|
RU2739865C2 |
| SYSTEM AND METHOD OF MANAGING COMPUTING RESOURCES FOR DETECTING MALICIOUS FILES | 2017 |
|
RU2659737C1 |
| SYSTEM AND METHOD OF DETECTING MALICIOUS FILES ACCOMPANIED WITH USING THE STATIC ANALYSIS ELEMENTS | 2017 |
|
RU2654146C1 |
| SYSTEM AND METHOD OF GENERATING RULES FOR SEARCHING DATA USED FOR PHISHING | 2014 |
|
RU2580027C1 |
| SYSTEM AND DETECTING METHOD OF REMOTE ADMINISTRATION APPLICATION | 2016 |
|
RU2634173C1 |
