公开(公告)号：US11790083B2

公开(公告)日：2023-10-17

申请号：US16914183

申请日：2020-06-26

Applicant: Shape Security, Inc.

Inventor： Tim Disney ,  Madhukar Kedlaya ,  Claire Schlenker Schlenker ,  Nitish Khadke

IPC: G06F21/56 ,  G06F21/55 ,  H04L67/02

CPC classification number: G06F21/563 ,  G06F21/554 ,  G06F21/568 ,  H04L67/02

Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.

公开(公告)号：US12130920B2

公开(公告)日：2024-10-29

申请号：US18374188

申请日：2023-09-28

Applicant: Shape Security, Inc.

Inventor： Tim Disney ,  Madhukar Kedlaya ,  Claire Schlenker ,  Nitish Khadke

IPC: G06F21/56 ,  G06F21/55 ,  H04L67/02

CPC classification number: G06F21/563 ,  G06F21/554 ,  G06F21/568 ,  H04L67/02

Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.

公开(公告)号：US20240020384A1

公开(公告)日：2024-01-18

申请号：US18374188

申请日：2023-09-28

Applicant: Shape Security, Inc.

Inventor： Tim DISNEY ,  Madhukar Kedlaya ,  Claire Schlenker ,  Nitish Khadke

IPC: G06F21/56 ,  G06F21/55

CPC classification number: G06F21/563 ,  G06F21/554 ,  G06F21/568 ,  H04L67/02

Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.

公开(公告)号：US20210406370A1

公开(公告)日：2021-12-30

申请号：US16914183

申请日：2020-06-26

Applicant: Shape Security, Inc.

Inventor： Tim Disney ,  Madhukar Kedlaya ,  Claire Schlenker Schlenker ,  Nitish Khadke

IPC: G06F21/56 ,  G06F21/55

Abstract: Techniques are provided for detecting a malicious script in a web page. Instrumentation code is provided for serving to a client computing device with a web page. The instrumentation code is configured to monitor web code execution at the client computing device when a script referenced by the web page is processed. Script activity data generated by the instrumentation code is received. The script activity data describes one or more script actions detected by the instrumentation code at the client computing device. Prior script activity data generated by a prior instance of the instrumentation code is obtained. A malicious change in the script is detected based on comparing the script activity data and the prior script activity data. In response to detecting the malicious change in the script, a threat response action is performed.