专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120167222A1 METHOD AND APPARATUS FOR DIAGNOSING MALICOUS FILE, AND METHOD AND APPARATUS FOR MONITORING MALICOUS FILE 审中-公开
标题翻译：用于诊断恶性病毒文件的方法和装置，以及用于监测恶性病毒文件的方法和装置
公开(公告)号：US20120167222A1
公开(公告)日：2012-06-28
申请号：US13335811
申请日：2011-12-22
申请人： Ik Kyun KIM , Yang-Seo CHOI , Byoung-Koo KIM , Seung Yong YOON , Youngjun HEO , Dae Won KIM , Il AHN CHEONG , Jintae OH , Jong Soo JANG
发明人： Ik Kyun KIM , Yang-Seo CHOI , Byoung-Koo KIM , Seung Yong YOON , Youngjun HEO , Dae Won KIM , Il AHN CHEONG , Jintae OH , Jong Soo JANG
IPC分类号： G06F21/00
CPC分类号： G06F21/563
摘要： An apparatus for diagnosing malicious files includes a information transferring unit configured to receive information regarding a malicious file distributed in a management network and an execution file generated by assembling packets collected from the management network; an anti-virus engine configured to determine whether or not the execution file is malicious to generate information regarding a new malicious file; and a management unit configured to transfer the information regarding the malicious file and the information regarding the new malicious file to a terminal device on the management network through the information transferring unit.
摘要翻译：用于诊断恶意文件的装置包括：信息传送单元，被配置为接收关于分发在管理网络中的恶意文件的信息和通过组合从管理网络收集的分组而生成的执行文件; 配置为确定所述执行文件是否是恶意的以产生关于新的恶意文件的信息的反病毒引擎; 以及管理单元，被配置为通过信息传送单元将关于恶意文件的信息和关于新的恶意文件的信息传送到管理网络上的终端设备。

2. 发明申请

US20090158431A1 METHOD OF DETECTING POLYMORPHIC SHELL CODE 审中-公开
标题翻译：检测多晶壳代码的方法
公开(公告)号：US20090158431A1
公开(公告)日：2009-06-18
申请号：US12333490
申请日：2008-12-12
申请人： Dae Won KIM , Ik Kyun KIM , Yang Seo CHOI , Seung Yong YOON , Byoung Koo KIM , Jin Tae OH , Jong Soo JANG
发明人： Dae Won KIM , Ik Kyun KIM , Yang Seo CHOI , Seung Yong YOON , Byoung Koo KIM , Jin Tae OH , Jong Soo JANG
IPC分类号： G06F11/00
CPC分类号： H04L63/1416 , G06F21/566
摘要： There is provided a method of detecting a polymorphic shell code. The decoding routine of the polymorphic shell code is detected from received data. In order for the decoding routine to access the address of an encoded code, the address of a currently executed code is stored in a stack, the value is moved in a register table, and it is determined whether the value is actually used for operating a memory. Emulation is finally performed and the degree of correctness of detection is improved. Therefore, time spent on detecting the polymorphic shell code and an overhead are reduced and the correctness of detection is increased.
摘要翻译：提供了一种检测多态shell代码的方法。从接收的数据中检测多态shell码的解码程序。为了使解码程序访问编码的地址，当前执行的代码的地址被存储在堆栈中，该值被移动到寄存器表中，并且确定该值是否实际用于操作记忆。最后进行仿真，提高检测的正确性。因此，用于检测多态shell代码和开销的时间减少，并且检测的正确性增加。

3. 发明申请

US20080083034A1 ATTACK CLASSIFICATION METHOD FOR COMPUTER NETWORK SECURITY 审中-公开
标题翻译：用于计算机网络安全的攻击分类方法
公开(公告)号：US20080083034A1
公开(公告)日：2008-04-03
申请号：US11757701
申请日：2007-06-04
申请人： Dae Won KIM , Yang Seo CHOI , Ik Kyun KIM , Jin Tae OH , Jong Soo JANG
发明人： Dae Won KIM , Yang Seo CHOI , Ik Kyun KIM , Jin Tae OH , Jong Soo JANG
IPC分类号： G08B23/00
CPC分类号： H04L63/1433 , G06F21/552
摘要： Provided is an attack classification method for computer network security. In the attack classification method, attacks are classified depending on vulnerability abused by an attack, attack propagation skills, and attack intentions. The classification results are arranged in the order of the vulnerability abused by an attack, the attack propagation skills, and the attack intentions. The arranged classification results are output. Accordingly, it is possible to easily detect an attack flow where an attack A propagates in the propagation skill C using the vulnerability B and the attack skill F is used for the attack target E to achieve the attack purpose D.
摘要翻译：提供了一种计算机网络安全的攻击分类方法。在攻击分类方法中，攻击根据攻击被攻击的漏洞，攻击传播技能和攻击意图所分类。分类结果按照攻击的漏洞攻击，攻击传播技能和攻击意图的排列顺序排列。输出排列的分类结果。因此，可以容易地检测攻击A在传播技巧C中使用漏洞B传播的攻击流，并且攻击技能F用于攻击目标E以实现攻击目的D.

4. 发明申请

US20080104702A1 NETWORK-BASED INTERNET WORM DETECTION APPARATUS AND METHOD USING VULNERABILITY ANALYSIS AND ATTACK MODELING 审中-公开
标题翻译：基于网络的互联网检测装置和使用易受攻击性分析和攻击建模的方法
公开(公告)号：US20080104702A1
公开(公告)日：2008-05-01
申请号：US11685940
申请日：2007-03-14
申请人： Yang Seo CHOI , Dae Won KIM , Ik Kyun KIM , Jin Tae OH
发明人： Yang Seo CHOI , Dae Won KIM , Ik Kyun KIM , Jin Tae OH
IPC分类号： G06F11/00
CPC分类号： H04L63/145
摘要： The present invention relates to a network-based Internet worm detection apparatus and method using vulnerability analysis and attack modeling. In the network-based Internet worm detection apparatus, a vulnerability information storage unit stores the vulnerability information of an application program that is necessary for attack detection. A threat determiner determines whether a packet transmitted over a network is destined for a vulnerable application program with vulnerability. A packet content extractor extracts, using the vulnerability information, information for determination of an attack packet from the packet determined to be destined for the vulnerable application program. An attack determiner compares and analyzes the extracted information and the vulnerability information to determine whether the packet is an attack packet. The vulnerability information of the application program and attack modeling are used to detect an Internet worm, thereby making it possible to counteract the attack packet. In addition, only a portion of information belonging to a specific session of a segmented or disordered packet is stored, thereby making it possible to increase the use efficiency of a storage device and to reduce the resource necessary for processing a packet.
摘要翻译：本发明涉及一种使用漏洞分析和攻击建模的基于网络的互联网蠕虫检测装置和方法。在基于网络的互联网蠕虫检测装置中，漏洞信息存储单元存储攻击检测所必需的应用程序的漏洞信息。威胁确定器确定通过网络发送的数据包是否发往具有漏洞的易受攻击的应用程序。分组内容提取器使用该漏洞信息提取用于确定来自确定为易受攻击的应用程序的分组的分组的攻击分组的信息。攻击确定器比较和分析提取的信息和漏洞信息，以确定数据包是否是攻击数据包。应用程序的漏洞信息和攻击建模用于检测Internet蠕虫，从而可以抵御攻击报文。此外，仅存储属于分段或无序分组的特定会话的信息的一部分，从而可以提高存储设备的使用效率并减少处理分组所需的资源。

5. 发明申请

US20100153421A1 DEVICE AND METHOD FOR DETECTING PACKED PE FILE 审中-公开
标题翻译：用于检测包装PE文件的装置和方法
公开(公告)号：US20100153421A1
公开(公告)日：2010-06-17
申请号：US12434166
申请日：2009-05-01
申请人： Yang Seo CHOI , Ik Kyun KIM , Jin Tae OH , Jae Cheol RYOU
发明人： Yang Seo CHOI , Ik Kyun KIM , Jin Tae OH , Jae Cheol RYOU
IPC分类号： G06F7/20 , G06F17/30
CPC分类号： G06F16/258
摘要： The present invention discloses a device and method for detecting a packed PE (portable executable) file. In the device and method for detecting a packed PE file, information for detecting packing are extracted by analyzing the header of a target file, and a record containing characteristic values shown only in a packed PE file is created by using the extracted information. The packing of the target file is detected by calculating the similarity with a PE file which is not packed based on the created record and comparing it with a derived threshold value. Therefore, a packed PE file can be detected even if it is packed by a packing method which is not well-known.
摘要翻译：本发明公开了一种用于检测打包PE（便携式可执行文件）文件的装置和方法。在用于检测打包的PE文件的装置和方法中，通过分析目标文件的标题来提取用于检测打包的信息，并且通过使用所提取的信息来创建仅包含在打包的PE文件中的仅包含特征值的记录。通过计算与基于创建的记录不打包的PE文件的相似度并将其与导出的阈值进行比较来检测目标文件的打包。因此，即使打包的PE文件由不是众所周知的打包方法打包也可以被检测。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式