1. Field
The present invention relates to a system and method for detecting false code, and more particularly, to a system and method for detecting false code in a web site linked to one or more web pages.
2. Description of the Related Art
With development of the Internet, the number of web sites is sharply increasing. In such a web site environment, contents provided by Web 2.0 and user created content (UCC) service users are also increasing. Since a general user can organize contents of web sites, actions for malicious purposes against the management policies of web sites are also continuously increasing.
For example, methods of embedding malicious code in vulnerable web sites and spreading the malicious code to a large number of general users visiting the web sites are becoming widespread. In particular, attacks on national public institutions are rapidly increasing and causing serious problems. As used in this application, “malicious code” refers to a program developed to disturb a user in smooth operation of a computer, including but not limited to computer viruses, computer worms (self-replicable malicious code), Trojan horses (malicious code not infecting other targets but causing a system to malfunction), and so on.
The administrator of a web site may allow use of hypertext markup language (HTML) tags, such as IFRAME and SCRIPT tags, in order to incorporate content provided by users, but malicious code may be inserted into such HTML tags. The problem is manifest because the administrator of a web site desires to allow use of these HTML tags to incorporate desired functionality.
A normal HTML tag and malicious HTML tag have basically the same format, and thus it is difficult to distinguish them from each other. Also, tags having different purposes are input according to non-formal characteristics of a web site, for example, portals, moving pictures, price comparisons, and shopping sites, and thus it is impossible to limit a user input to a predetermined pattern. As such, currently an administrator must examine all tags in all linked web pages to determine whether or not there is a problem. However, in a huge web site in which tens of thousands of postings are registered, it is substantially impossible to monitor all the web pages.
Consequently, a system that can rapidly check an entire web site in a short time period is needed.