KR-102963430-B1 - Tracker detection devices, tracker detection methods, and computer programs

Abstract

According to embodiments of the present disclosure, data collected by tracking scripts on a web page can be monitored to provide for data collection that infringes upon personal privacy. Additionally, hidden personal information tracking scripts can be detected by generating one or more coercive statements that execute scripts for each branching point included in an HTML document and extracting tracking scripts using the coercive statements. Furthermore, tracking scripts for personal information can be detected before actual execution by generating static variable flow data for an HTML document and executing the HTML document using the static variable flow data. Additionally, by providing information about tracking scripts to the user, hidden tracking functions occurring on the website can be identified in addition to the rendered website.

Inventors

• 전유석

Assignees

• 울산과학기술원

Dates

Publication Date

20260508

Application Date

20231214

Claims (11)

1. A tracker detection device receives an HTML document of a website to be accessed, dynamically analyzes the HTML document to generate static variable flow data, and extracts user source information and sink area information using the static variable flow data to extract a tracking script; The above-mentioned tracker detection device determines whether the tracking script is harmful based on whether a flow in which user source information leaks to a sink area occurs, by utilizing the static variable flow data in consideration of the user source information and sink area included in the tracking script; and The above-mentioned tracker detection device includes the step of generating and displaying information about a harmful tracking script as output data; The step of extracting the above-mentioned trace script includes the step of generating a forced execution statement that executes all code included in the above-mentioned HTML document, and generating the above-mentioned static variable flow data for the above-mentioned HTML document using the said forced execution statement. A tracer detection method comprising the step of determining whether the tracer is harmful by executing a plurality of statements branched by forced input for a branch-type statement included in the tracer script.
2. delete
3. In paragraph 1, The above static variable flow data is, A tracer detection method that is data on the flow of values for variables during the execution process of a program without executing the program.
4. delete
5. In paragraph 1, The step of determining the above-mentioned harmfulness A tracer detection method for determining whether the trace script is harmful by determining whether the user source information of the trace script is included in a pre-configured table of user source information and whether the sink area information is included in a pre-configured table of sink area information.
6. It includes a communication unit, memory, and a processor, The above processor receives an HTML document of a website to be accessed, dynamically analyzes the HTML document to generate static variable flow data, extracts user source information and sink area information using the static variable flow data, and extracts a trace script. Considering the user source information and sink area included in the above tracking script, and using the above static variable flow data, the harmfulness of the above tracking script is determined based on whether a flow in which user source information leaks to the sink area occurs. Generates and displays information about harmful tracking scripts as output data, and A tracker detection device in which the processor generates a forced execution statement that executes all codes included in the HTML document, generates static variable flow data for the HTML document using the forced execution statement, and executes multiple statements branched by forced input for a branch-type statement included in the tracking script to determine whether the tracking script is harmful.
7. delete
8. In paragraph 6, The above static variable flow data is, A tracker detection device that is data on the flow of values for variables during the execution process of a program without executing the program.
9. delete
10. In paragraph 6, The above processor, A tracker detection device that determines whether the user source information of the above-mentioned tracking script is included in a pre-configured table of user source information and whether the sink area information is included in a pre-configured table of sink area information, and determines whether the above-mentioned tracking script is harmful.
11. A computer program stored on a computer-readable storage medium to execute the method of any one of paragraphs 1, 3, and 5 using a computer.

Description

Web page tracker detection devices, tracker detection methods, and computer programs The specification of the present disclosure relates to a tracker detection device, a tracker detection method, and a computer program, characterized by reading data for a web page to detect a tracking script and generating and providing an output message for the tracking script. In the context of the Internet or online analytics, a web page tracker refers to a tool or system used to monitor or collect data on visitors and their interactions with a specific website. The primary purpose of a web page tracker is to provide website administrators or marketing personnel with analysis of website performance and usage. Through web page trackers, website administrators can obtain analytical data regarding website visitors. They can acquire data such as the number of times a website is viewed and navigation paths within the website. Website administrators can also obtain information about the sources that recommended the website (search engines, social media platforms, direct traffic, etc.). Furthermore, they can monitor conversion events such as purchases, form completions, and newsletter sign-ups. Finally, they can obtain data on viewer engagement—including button clicks, downloads, and video viewing—as well as performance metrics for the website, such as page load times and server response times. These trackers can be installed on web pages to collect and analyze data regarding user terminals or user behavior. Since it is difficult for users to know what data web page trackers are acquiring, information that infringes on personal privacy can be collected. Therefore, in order to protect personal privacy, there is a growing need to monitor data collected by web page trackers. FIG. 1 is an exemplary diagram of a network environment of an automatic tracking device according to embodiments of the present disclosure. FIG. 2 is a block diagram of a tracker automatic monitoring device (100) according to embodiments of the present disclosure. Figure 3 is a block diagram of the memory (120). Figure 4 is a block diagram of the behavior detection unit (121). FIG. 5 is a flowchart of a method for detecting the behavior of a tracking script according to embodiments of the present disclosure. The structure and operation of the present invention will be described in detail below with reference to embodiments of the present invention illustrated in the attached drawings. The present invention is capable of various modifications and may have various embodiments; specific embodiments are illustrated in the drawings and described in detail in the detailed description. The effects and features of the present invention, and the methods for achieving them, will become clear by referring to the embodiments described below in detail together with the drawings. However, the present invention is not limited to the embodiments disclosed below but can be implemented in various forms. Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings. When describing with reference to the drawings, identical or corresponding components are given the same reference numerals, and redundant descriptions thereof will be omitted. In the following, terms described as “upper” or “upper” may include not only those directly above in contact, but also those above without contact. In the following embodiments, terms such as first, second, etc. are used not in a limiting sense, but for the purpose of distinguishing one component from another component. In the following embodiments, singular expressions include plural expressions unless the context clearly indicates otherwise. In the following embodiments, terms such as "include" or "have" mean that the features or components described in the specification are present, and do not preclude the possibility that one or more other features or components may be added. In the drawings, the size of components may be exaggerated or reduced for convenience of explanation. For example, the size and thickness of each component shown in the drawings are depicted arbitrarily for convenience of explanation, so the present invention is not necessarily limited to what is illustrated. Additionally, terms such as “…part,” “…area,” etc., as described in this specification may refer to a unit that processes at least one function or operation. In an embodiment of the present disclosure, the tracker is a program that allows the owner and manager of a website to collect information about site traffic, and can process data obtained from a user terminal device accessing the website and store it in a designated storage. Here, an HTML document refers to a standard text document designed to be displayed in a web browser, and is a programming language format used to create the structure of a web page. An HTML document consists of HTML elements, which are tags enclosed in angle brackets (<, >), and ca