US 12,273,385 B2
Systems and methods for automated malicious code replacement
Igor Seletskiy, Palo Alto, CA (US); and Andrey Kucherov, Tula (RU)
Assigned to Cloud Linux Software Inc., Estero, FL (US)
Filed by Cloud Linux Software Inc., Estero, FL (US)
Filed on Jan. 24, 2022, as Appl. No. 17/582,369.
Prior Publication US 2023/0239323 A1, Jul. 27, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1491 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1466 (2013.01)]
19 Claims
 
1. A method for automated malicious code replacement, the method comprising:
analyzing, using a trained machine learning (ML) algorithm for identifying malicious content, a file comprising a script written in an interpretable programming language, wherein the malicious content triggers malicious activity on a computing device that stores the file, and wherein a training dataset for the ML algorithm includes a plurality of scripts and labelled malware injections in the scripts;
detecting a malware injection in the file based on the ML analysis, wherein the malware injection comprises at least one code fragment that enables the malicious activity, and identifying at least one malicious activity trigger operator in the code fragment;
selecting, using a trained ML algorithm for selecting a replacement code, a benign code fragment that can replace the at least one code fragment to prevent execution of the malicious activity without causing a syntax error, wherein the benign code fragment includes a benign operator that accepts the same inputs as the malicious activity trigger operator, and wherein a training dataset for the ML algorithm includes a plurality of malicious activity operators and corresponding benign code fragments with the benign operators; and
updating the file by replacing at least the malicious activity trigger operator in the at least one code fragment with the selected benign code fragment.
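The replacement step of claim 1, sketched as an added example (not code from the patent or from the assignee). It assumes Python scripts as the interpretable language, and a fixed lookup table stands in for both trained ML models; `BENIGN_FOR`, `find_triggers` and `neutralize` are hypothetical names.

```python
import ast

# Assumption: this table replaces the two trained ML models named in the claim.
# Key = malicious activity trigger operator, value = benign operator that
# accepts the same inputs (any positional/keyword arguments) and does nothing.
BENIGN_FOR = {
    "exec": "(lambda *a, **k: None)",
    "eval": "(lambda *a, **k: None)",
}

# Constructed sample script with one injected call; it is parsed, never executed.
SAMPLE = '''def render(page):
    return "<h1>" + page + "</h1>"

tag = "café"; exec(decode(blob))
print(render("home"))
'''

def find_triggers(source):
    """Return sorted (lineno, col, end_col, name) for calls to a trigger operator."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in BENIGN_FOR):
            f = node.func
            hits.append((f.lineno, f.col_offset, f.end_col_offset, f.id))
    return sorted(hits)

def neutralize(source):
    """Replace only the trigger operator token; every other byte stays as it was."""
    lines = source.split("\n")
    # Work right to left so earlier offsets on the same line remain valid.
    for lineno, col, end_col, name in reversed(find_triggers(source)):
        raw = lines[lineno - 1].encode("utf-8")  # ast offsets are UTF-8 byte offsets
        patched = raw[:col] + BENIGN_FOR[name].encode("utf-8") + raw[end_col:]
        lines[lineno - 1] = patched.decode("utf-8")
    cleaned = "\n".join(lines)
    ast.parse(cleaned)  # raises SyntaxError if the replacement broke the file
    return cleaned

if __name__ == "__main__":
    print(neutralize(SAMPLE))
```

The call's arguments are left in place and would still be evaluated at run time; only the operator that triggers execution is swapped, which is the minimum the claim requires.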