| CPC G06F 21/56 (2013.01) [G06F 2221/034 (2013.01)] | 17 Claims |
|
1. A method, comprising:
emulating, by a computing device, a predetermined browser in cooperation with a browser controller for providing a controlled environment to execute at least one web program without harming the computing device;
loading, by the computing device, at least one web page into the predetermined browser, wherein the web page is a target web page for malware detection;
injecting, by the computing device executing the browser controller, a first program into the loaded at least one web page, the first program configured to monitor an execution of the at least one web page;
capturing, by the computing device, at least one first visual representation of at least one graphical user interface element of the at least one web page at a first time after the loading;
executing, by the computing device, the at least one web page in the predetermined browser;
logging, by the computing device via the first program, an execution of a second program embedded in the at least one web page, wherein the second program is a malicious program written in in scripting language;
capturing, by the computing device, at least one second visual representation of the at least one graphical user interface element at a second time after the execution of the second program, the second time being later than the first time;
comparing, by the computing device, the at least one first and second visual representation to detect at least one visual change therebetween, wherein detecting the at least one visual change comprises loading the first and second image to a trained artificial intelligence model for detecting the at least one visual change;
identifying, by the computing device, the execution of the second program as a cause of the at least one visual change; and
performing, by the computing device, at least one remedial action related to the at least one web page in response to detecting the at least one visual change.
|