US 12,259,979 B2
Method and computer system for determining a threat score
Peter Arnoth, Vienna (AT); and Markus Cserna, Hagenbrunn (AT)
Assigned to CYAN SECURITY GROUP GMBH, Vienna (AT)
Appl. No. 16/315,086
Filed by CYAN SECURITY GROUP GMBH, Vienna (AT)
PCT Filed Jul. 4, 2017, PCT No. PCT/EP2017/066565
§ 371(c)(1), (2) Date Jan. 3, 2019,
PCT Pub. No. WO2018/007350, PCT Pub. Date Jan. 11, 2018.
Claims priority of application No. 16177783 (EP), filed on Jul. 4, 2016.
Prior Publication US 2019/0311132 A1, Oct. 10, 2019
Int. Cl. G06F 21/57 (2013.01); G06F 21/53 (2013.01); G06F 21/56 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/577 (2013.01) [G06F 21/53 (2013.01); G06F 21/566 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)]
20 Claims
 
1. A method for determining a threat score of an electronic document, the method comprising the steps of:
loading and rendering the electronic document in a document sandbox, the document sandbox adapted to simulate user interaction with the electronic document before a user is given access to the electronic document, and the document sandbox implemented without displaying the electronic document in a graphical user interface so as to speed up execution of loading web pages;
querying a list of all available navigation elements in the electronic document from the document sandbox;
controlling the document sandbox to simulate user interaction with the electronic document based on the queried list while recording observed events during the simulation of user interaction;
during the loading and rendering step and during the controlling step, monitoring the document sandbox for events triggered by the electronic document and belonging to one of at least two predefined event classes;
recording each observed event during the monitoring of the document sandbox together with a respective event class to which each observed event belongs; and
determining, before the user is given access to the electronic document, the threat score of the electronic document based on predefined numerical weights associated with each of the predefined event classes to which the recorded events belong, thereby determining the threat score using events recorded during simulation of user interaction with the electronic document.
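
The steps of claim 1 can be followed end to end in a small model. This is an added illustration, not code from the patent or from the assignee. It shows why events that fire only under simulated interaction change the score compared with a load-only scan. The event class names, the weights, the sample document and the rule of summing the weights are all assumptions, since the claim only says the score is "based on" the weights.

```python
from dataclasses import dataclass, field

# Assumed event classes and weights (the claim only requires at least two classes).
WEIGHTS = {"external_redirect": 3.0, "file_download": 5.0, "popup_window": 1.5}

# Constructed sample document: events fired on load and per navigation element.
SAMPLE_DOC = {
    "on_load": [("popup_window", "window.open('promo')"),
                ("layout_change", "reflow")],  # belongs to no predefined class
    "elements": {
        "a#home": [],
        "button#continue": [("external_redirect", "location -> other origin"),
                            ("file_download", "update.exe")],
        "a#help": [("popup_window", "window.open('help')")],
    },
}

@dataclass
class DocumentSandbox:
    """Headless stand-in for the document sandbox: nothing is displayed."""
    doc: dict
    listeners: list = field(default_factory=list)

    def _emit(self, events):
        for kind, detail in events:
            for listener in self.listeners:
                listener(kind, detail)

    def load_and_render(self):
        self._emit(self.doc["on_load"])

    def navigation_elements(self):
        return list(self.doc["elements"])

    def activate(self, element):  # simulated user interaction with one element
        self._emit(self.doc["elements"][element])

def threat_score(doc, simulate_interaction=True):
    recorded = []  # (event detail, event class) pairs
    def monitor(kind, detail):
        if kind in WEIGHTS:  # record only events in a predefined class
            recorded.append((detail, kind))
    sandbox = DocumentSandbox(doc, [monitor])
    sandbox.load_and_render()
    if simulate_interaction:
        for element in sandbox.navigation_elements():
            sandbox.activate(element)
    # Assumption: the score is the sum of the class weights of all recorded events.
    return sum(WEIGHTS[cls] for _, cls in recorded), recorded
```

With the constructed document, a load-only pass records a single popup event, while the interaction pass also records the redirect and download attached to `button#continue`.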