Abstract: Disclosed are system and method for building statistical models of malicious elements of web pages. One exemplary method comprises: obtaining, by a control server, data about malicious elements of web pages; transforming, by the control server, the obtained data into at least one N-dimensional vector; creating, by the control server, at least one cluster based on elements of the at least one N-dimensional vector; and building, by the control server, the statistical model of the malicious elements of the web page based on the created at least one cluster.

Abstract: Disclosed are system and method for building statistical models of malicious elements of web pages. One exemplary method comprises: obtaining, by a control server, data about malicious elements of web pages; transforming, by the control server, the obtained data into at least one N-dimensional vector; creating, by the control server, at least one cluster based on elements of the at least one N-dimensional vector; and building, by the control server, the statistical model of the malicious elements of the web page based on the created at least one cluster.

Abstract: Disclosed are system and method for detecting anomalous or malicious elements of a web page. One exemplary method comprises: obtaining data about elements of a tested web page; generating at least one N-dimensional vector characterizing elements of the tested web page; retrieving a statistical model of known malicious web page elements; comparing the at least one N-dimensional vector with clusters of the statistical model of known malicious web page elements, by measuring the distance of the N-dimensional vector of the element and centers of all clusters of the statistical model; and identifying at least one malicious element of the tested web page based on results of the comparison.

Abstract: Disclosed are system and method for detecting anomalous elements of web pages. One exemplary method comprises: obtaining access to a web site, by a client computing device, by requesting a web page associated with the web site via a web server; executing the web page by the client computing device to gather data relating to the web page; determining at least one N-dimensional vector based at least on the gathered data; creating at least one cluster comprising a set of values of coordinates of vectors for at least one element of the web page in N-dimensional space based on the at least one N-dimensional vector; creating a statistical model of the web page based on the at least one cluster; and using the statistical model for detecting anomalous elements of the web page.

Abstract: Disclosed are systems and method for secure transmission of web pages using encryption of their content. An exemplary method comprises: receiving from a remote server, by a processor of a proxy server, a web page requested by a user device; analyzing, by the processor, the received web page to select one or more elements of the web page for encryption based at least upon a list of web page elements predetermined by the proxy server to protect against malware attacks; encrypting the code of the one or more selected elements; generating a script containing the encrypted code of the one or more selected elements; and replacing the code of the one or more selected elements in the web page with the script containing the encrypted code of the one or more selected elements prior to transmitting the web page to the user device.

Abstract: Disclosed are system and method for detecting anomalous or malicious elements of a web page. One exemplary method comprises: obtaining data about elements of a tested web page; generating at least one N-dimensional vector characterizing elements of the tested web page; retrieving a statistical model of known malicious web page elements; comparing the at least one N-dimensional vector with clusters of the statistical model of known malicious web page elements, by measuring the distance of the N-dimensional vector of the element and centers of all clusters of the statistical model; and identifying at least one malicious element of the tested web page based on results of the comparison.

Abstract: Disclosed are system and method for detecting anomalous elements of web pages. One exemplary method comprises: obtaining access to a web site, by a client computing device, by requesting a web page associated with the web site via a web server; executing the web page by the client computing device to gather data relating to the web page; determining at least one N-dimensional vector based at least on the gathered data; creating at least one cluster comprising a set of values of coordinates of vectors for at least one element of the web page in N-dimensional space based on the at least one N-dimensional vector; creating a statistical model of the web page based on the at least one cluster; and using the statistical model for detecting anomalous elements of the web page.

Abstract: Disclosed are a system and method for determining web pages modified with malicious code. An example method includes: intercepting an attempt to access a website; selecting, by a processor, one or more malicious software configuration files based on the intercepting of the attempt to access the website; creating a verification web page based on one or more code fragments from the selected one or more malicious software configuration files; opening the verification web page; and determining, by the processor, whether malicious code has been injected into the opened verification web page.

Abstract: Disclosed are systems and method for secure transmission of web pages using encryption of their content. An exemplary method comprises: receiving from a remote server, by a processor of a proxy server, a web page requested by a user device; analyzing, by the processor, the received web page to select one or more elements of the web page for encryption based at least upon a list of web page elements predetermined by the proxy server to protect against malware attacks; encrypting the code of the one or more selected elements; generating a script containing the encrypted code of the one or more selected elements; and replacing the code of the one or more selected elements in the web page with the script containing the encrypted code of the one or more selected elements prior to transmitting the web page to the user device.

Abstract: Disclosed are systems and method for encrypted transmission of web pages. One exemplary method comprises: receiving, by a proxy server, a web page requested by a user device; analyzing, by a hardware processor of the proxy server, the received web page to identify code of elements of the web page; selecting one or more identified elements of the web page for encryption; encrypting, by the hardware processor, the code of the one or more selected elements; generating, by the hardware processor, a script containing the encrypted code of the one or more selected elements; modifying the web page, by the hardware processor, by replacing in the web page the code of the one or more selected elements with the script containing the encrypted code of said one or more selected elements; and transmitting, by the proxy server, the modified web page to the user device.

Abstract: Disclosed are a system and method for determining web pages modified with malicious code. An example method includes: intercepting an attempt to access a website; selecting, by a processor, one or more malicious software configuration files based on the intercepting of the attempt to access the website; creating a verification web page based on one or more code fragments from the selected one or more malicious software configuration files; opening the verification web page; and determining, by the processor, whether malicious code has been injected into the opened verification web page.

Abstract: Disclosed is a system and method for determining modified web pages. An example method includes: extracting a plurality of malware trigger code fragments from a configuration file of the malicious software; creating a verification web page by adding the plurality of malware trigger code fragments into a template page; storing, in a database, data relating to an initial state of the verification web page; opening the verification web page and identifying data relating to an opened state of the verification web page; comparing the data relating to the initial state and the data relating to the opened state of the verification web page; and based on detected differences between the data relating to the initial state and the data relating to the opened state of the verification web page, identifying at least one modified code fragment of the verification web page.