System and method for defending applications invoking anonymous functions
Abstract
A system and method for defending an application configured to invoke anonymous functions. The method includes analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to an anonymous function; and creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for defending an application configured to invoke anonymous functions, comprising:
analyzing the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to an anonymous function; and creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.
2 . The method of claim 1 , wherein the secured instance of the application is configured to apply a machine learning model for detecting anomalous behavior, wherein the machine learning model is trained using a training set including training anonymous function inputs, training anonymous function outputs, and training anonymous function characteristics.
3 . The method of claim 2 , wherein creating the secured instance of the application further comprises:
aggregating cloud provider data in order to create a function profile for the anonymous function; and uploading a new version of the anonymous function including the created function profile, wherein the policy is embedded in the new version of the anonymous function.
4 . The method of claim 1 , wherein creating the secured instance of the application further comprises:
rewiring the call to the anonymous function.
5 . The method of claim 4 , wherein the anonymous function is a first anonymous function, wherein rewiring the call to the first anonymous function further comprises replacing the call to the first anonymous function with a call to a second anonymous function.
6 . The method of claim 1 , wherein analyzing the application to determine at least one branch of the application further comprises performing a static analysis of an application code of the application.
7 . The method of claim 1 , wherein analyzing the application to determine at least one branch of the application further comprises performing a dynamic request simulation for the application.
8 . The method of claim 7 , wherein performing the dynamic request simulation for the application further comprises:
uploading a test-secured application, wherein the test-secured application is configured to collect data related to requests; and analyzing the collected data related to the requests in order to identify at least one feature of the requests that is indicative of a potential threat.
9 . The method of claim 8 , wherein the test-secured application includes a rewired function call to a substitute function, wherein the substitute function is configured to collect the data related to the requests.
10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising:
analyzing an application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identifying a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to the anonymous function; and creating a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.
11 . A system for defending an application configured to invoke anonymous functions, comprising:
a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: analyze the application to determine at least one branch of the application, wherein each branch is an instruction that deviates from a default behavior of the application; identify a potential threat branch based on the at least one branch of the application and an anonymous function, the potential threat branch including a call to the anonymous function; and create a secured instance of the application, wherein creating the secured instance of the application further comprises embedding a policy within the anonymous function of the identified potential threat branch.
12 . The system of claim 11 , wherein the secured instance of the application is configured to apply a machine learning model for detecting anomalous behavior, wherein the machine learning model is trained using a training set including training anonymous function inputs, training anonymous function outputs, and training anonymous function characteristics.
13 . The system of claim 12 , wherein the system is further configured to:
aggregate cloud provider data in order to create a function profile for the anonymous function; and upload a new version of the anonymous function including the created function profile, wherein the policy is embedded in the new version of the anonymous function.
14 . The system of claim 11 , wherein the system is further configured to:
rewire the call to the anonymous function.
15 . The system of claim 14 , wherein the anonymous function is a first anonymous function, wherein the system is further configured to:
replace the call to the first anonymous function with a call to a second anonymous function.
16 . The system of claim 11 , wherein the system is further configured to:
perform a static analysis of an application code of the application.
17 . The system of claim 11 , wherein the system is further configured to:
perform a dynamic request simulation for the application.
18 . The system of claim 17 , wherein the system is further configured to:
upload a test-secured application, wherein the test-secured application is configured to collect data related to requests; and analyze the collected data related to the requests in order to identify at least one feature of the requests that is indicative of a potential threat.
19 . The system of claim 18 , wherein the test-secured application includes a rewired function call to a substitute function, wherein the substitute function is configured to collect the data related to the requests.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.