Currently, the number of personal computing devices is on the rise. Computers and mobile devices work under the control of various operating systems and solve diverse problems. Many users use these devices for Internet browsing.
In addition, new malicious software (malware) is being constantly developed, including computer viruses, Trojan horses, and Internet worms. A significant portion of this malware is aimed at attacking users working on the Internet. One of the popular type of attacks on Internet users is an attack in which malicious software replaces the contents of a web page being displayed to the user. The malicious software performs an insertion of HTML code into the web page. Often this attack is known as the “man in the browser” or a “web code injection”. The attack may start with the use of a Trojan application, for example, which installs in the victim's web browser a malicious extension or plugin which is launched when the browser is restarted. Then comes an interception of the user's traffic which is destined for a particular web site (most often a banking site). Next, the web page being displayed to the user is modified at the stage of downloading or opening), making it possible to modify the external appearance of a particular element of the web page, steal the victim's authentication data as it is being entered, or redirect the funds being transferred by the user to a different account.
Current technical solutions aimed at increasing the safety of the working of a user on the Internet take into account attacks injecting malicious code into a web page. However, they do not provide effective solutions for determining whether a web page has been modified by malicious software.