-
公开(公告)号:US09164845B2
公开(公告)日:2015-10-20
申请号:US12626783
申请日:2009-11-27
申请人: Hyun Uk Hwang , Ki Bom Kim , Tae Joo Chang , Cheol Won Lee
发明人: Hyun Uk Hwang , Ki Bom Kim , Tae Joo Chang , Cheol Won Lee
CPC分类号: G06F11/1435
摘要: Provided is a technology which searches an unallocated area to quickly extract information on a deleted partition when checking a disk and an evidence image in digital forensic, and adds a recovered partition to a forensic tool as a new partition. For this, the technology has direct access to the sector of a disk or an evidence image which is obtained, limits information search on an unallocated area only to an area satisfying the minimum size in which a partition may be created, changes an LBA-based sector access scheme into a CHS-based sector access scheme, and reads only the sector of a location having the possibility that a boot record exists to search information of a deleted partition, recovering a partition at high speed.
摘要翻译: 提供了一种搜索未分配区域以在数字取证中检查磁盘和证据图像时快速提取关于删除的分区的信息的技术,并且将恢复的分区作为新的分区添加到取证工具。 为此,该技术可以直接访问所获得的磁盘或证据图像的扇区,仅在未分配区域上的信息搜索仅限于可以创建分区的满足最小大小的区域,改变基于LBA的 扇区访问方案转换为基于CHS的扇区访问方案,并且仅读取具有引导记录存在的可能性以搜索被删除的分区的信息的位置的扇区,以高速恢复分区。
-
公开(公告)号:US09032516B2
公开(公告)日:2015-05-12
申请号:US12944100
申请日:2010-11-11
申请人: Tae Ghyoon Kim , Young Han Choi , Seok Jin Choi , Cheol Won Lee
发明人: Tae Ghyoon Kim , Young Han Choi , Seok Jin Choi , Cheol Won Lee
CPC分类号: G06F21/563 , G06F21/566
摘要: Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique.
摘要翻译: 提供了用于检测恶意脚本的系统和方法。 该系统包括用于将网页分解成脚本的脚本分解模块,用于以文档文件的形式静态分析分解的脚本的静态分析模块,用于动态地执行和分析分解的脚本的动态分析模块,以及比较模块 用于比较静态分析模块的分析结果和动态分析模块的分析结果,以确定分解的脚本是否是恶意脚本。 系统和方法可以识别隐藏的危险超文本标记语言(HTML)标签,而不管用于在网页中隐藏恶意脚本的混淆技术,并且因此可以应对未知的混淆技术。
-
公开(公告)号:US08955124B2
公开(公告)日:2015-02-10
申请号:US12985252
申请日:2011-01-05
申请人: Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
发明人: Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
CPC分类号: G06F21/566
摘要: Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
摘要翻译: 提供了一种用于检测插入到伪装的正常进程中的恶意代码的装置,系统和方法。 该装置包括恶意代码检测模块,用于提取由计算机系统上运行的进程生成的线程的信息,以识别与该线程相关的代码,初步确定所识别的代码是否是恶意的,并提取初步确定为恶意的代码 ; 以及强制恶意代码终止模块,用于基于在虚拟环境中执行的提取的代码的行为的分析结果,最终将代码确定为恶意代码,并强制终止代码的执行。
-
公开(公告)号:US07665946B2
公开(公告)日:2010-02-23
申请号:US10978967
申请日:2004-11-01
申请人: Gwang Ho Hur , Jun Young Choi , Sang Baek Lee , Cheol Won Lee
发明人: Gwang Ho Hur , Jun Young Choi , Sang Baek Lee , Cheol Won Lee
IPC分类号: H01L21/677
CPC分类号: H01L21/68707 , H01L21/67742 , Y10S414/139 , Y10S414/141
摘要: A transfer chamber for a flat display device manufacturing apparatus is provided. The transfer chamber may combine functions of a transfer chamber and a load-lock chamber. A robot may be provided aside from a center of the transfer chamber, and a buffer may be provided so as to avoid interference with the robot. An aligner may adjust a position of a substrate mounted on the buffer.
摘要翻译: 提供了一种用于平板显示装置制造装置的传送室。 传送室可以组合传送室和装载锁定室的功能。 可以从传送室的中心设置机器人,并且可以设置缓冲器以避免与机器人的干涉。 对准器可以调节安装在缓冲器上的衬底的位置。
-
公开(公告)号:US5428591A
公开(公告)日:1995-06-27
申请号:US128967
申请日:1993-09-30
申请人: Cheol-won Lee
发明人: Cheol-won Lee
IPC分类号: G11B7/00 , G11B7/085 , G11B11/105 , G11B21/08
CPC分类号: G11B11/10556 , G11B7/08541
摘要: An apparatus for compensating a track when a track crossing signal is not generated due to an offset detection flag (ODF) region or a defect of a disk, comprises a missed track compensating processor for compensating a missed track signal generated when the light beam passes through the ODF region, and a track counter for mixing a pulse signal of a monostable multivibrator with a compensation signal output from the missed track compensation processor and counting the number of tracks. Thus, the missed track signal which is generated due to the ODF region and disk defects is compensated, thereby accurately counting the number of tracks over which the light beam cross.
摘要翻译: 当由于偏移检测标志(ODF)区域或盘的缺陷而不产生轨迹交叉信号时,用于补偿轨迹的装置包括用于补偿当光束通过时产生的漏道信号的缺失轨道补偿处理器 ODF区域和用于将单稳态多谐振荡器的脉冲信号与从缺失轨道补偿处理器输出的补偿信号混合的轨道计数器,并对轨道数进行计数。 因此,由于ODF区域和盘缺陷而产生的漏道信号被补偿,从而精确地计数光束交叉的轨道数。
-
6.发明授权Virtual server and method for identifying zombie, and sinkhole server and method for integratedly managing zombie information 有权用于识别僵尸的虚拟服务器和方法,以及用于综合管理僵尸信息的沉没服务器和方法公开(公告)号:US08706866B2
公开(公告)日:2014-04-22
申请号:US12985728
申请日:2011-01-06
申请人: Sang Kyun Noh , Young Tae Yun , Dong Soo Kim , Yo Sik Kim , Yoon Jung Chung , Won Ho Kim , Yu Jung Han , Cheol Won Lee
发明人: Sang Kyun Noh , Young Tae Yun , Dong Soo Kim , Yo Sik Kim , Yoon Jung Chung , Won Ho Kim , Yu Jung Han , Cheol Won Lee
IPC分类号: G06F21/20 , G06F15/173
CPC分类号: H04L63/1458 , G06F21/44 , H04L67/146
摘要: Provided are a virtual server and method for identifying a zombie, and a sinkhole server and method for integratedly managing zombie information. The virtual server includes an authentication processing module authenticating a host using a CAPTCHA test and providing a cookie to the authenticated host when a web server access request message received from the host does not include a cookie, a cookie value verification module for extracting a cookie value from the web server access request message and verifying the extracted cookie value when the web server access request message includes a cookie, a web page access inducement module for inducing the host to access a web server when the cookie value is verified, and a zombie identification module for blocking access of the host when the cookie value is not verified, and identifying the host as a zombie when the number of blocking operations exceeds a threshold value.
摘要翻译: 提供了用于识别僵尸的虚拟服务器和方法,以及用于综合管理僵尸信息的宿窝服务器和方法。 虚拟服务器包括认证处理模块,使用CAPTCHA测试认证主机,并且当从主机接收到的web服务器访问请求消息不包括cookie时,向认证主机提供cookie,用于提取cookie值的cookie值验证模块 当web服务器访问请求消息包括cookie时,从Web服务器访问请求消息和验证提取的cookie值,当cookie值被验证时用于诱导主机访问web服务器的网页访问诱导模块,以及僵尸识别 当cookie值未被验证时阻止主机访问的模块,以及当阻塞操作次数超过阈值时将主机识别为僵尸。
-
7.发明申请DEFENSE METHOD AND DEVICE AGAINST INTELLIGENT BOTS USING MASQUERADED VIRTUAL MACHINE INFORMATION 有权使用大型虚拟机信息防御智能手机的防御方法和设备公开(公告)号:US20110271342A1
公开(公告)日:2011-11-03
申请号:US12879691
申请日:2010-09-10
申请人: Yoon Jung CHUNG , Yo Sik KIM , Won Ho KIM , Dong Soo KIM , Sang Kyun NOH , Young Tae YUN , Cheol Won LEE
发明人: Yoon Jung CHUNG , Yo Sik KIM , Won Ho KIM , Dong Soo KIM , Sang Kyun NOH , Young Tae YUN , Cheol Won LEE
IPC分类号: G06F11/00
CPC分类号: G06F9/455 , G06F21/55 , G06F21/554 , G06F21/56 , G06F21/566 , G06F2212/151 , H04L29/06877 , H04L29/06891 , H04L29/06911 , H04L29/06918 , H04L63/14 , H04L63/1416 , H04L63/1441 , H04L2463/144
摘要: A defense method and device against intelligent bots using masqueraded virtual machine information are provided. The method includes performing global hooking on a virtual machine detection request transmitted by a process, determining, on the basis of pre-stored malicious process information, whether or not, the process transmitting the virtual machine detection request corresponds to a malicious process, and when the process is found to correspond to the malicious process as a result of the determination, determining that the process is generated by the intelligent bot, and returning the masqueraded virtual machine information to the process.
摘要翻译: 提供了使用伪装的虚拟机信息的针对智能机器人的防御方法和设备。 该方法包括对由进程发送的虚拟机检测请求执行全局挂接,根据预先存储的恶意进程信息确定发送虚拟机检测请求的处理是否对应于恶意进程,以及何时 发现该过程对应于作为确定的结果的恶意进程,确定该过程由智能bot生成,并将伪装的虚拟机信息返回到该过程。
-
公开(公告)号:US20110239294A1
公开(公告)日:2011-09-29
申请号:US12944100
申请日:2010-11-11
申请人: Tae Ghyoon KIM , Young Han CHOI , Seok Jin CHOI , Cheol Won LEE
发明人: Tae Ghyoon KIM , Young Han CHOI , Seok Jin CHOI , Cheol Won LEE
IPC分类号: G06F21/00
CPC分类号: G06F21/563 , G06F21/566
摘要: Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique.
摘要翻译: 提供了用于检测恶意脚本的系统和方法。 该系统包括用于将网页分解成脚本的脚本分解模块,用于以文档文件的形式静态分析分解的脚本的静态分析模块,用于动态地执行和分析分解的脚本的动态分析模块,以及比较模块 用于比较静态分析模块的分析结果和动态分析模块的分析结果,以确定分解的脚本是否是恶意脚本。 系统和方法可以识别隐藏的危险超文本标记语言(HTML)标签,而不管用于在网页中隐藏恶意脚本的混淆技术,并且因此可以应对未知的混淆技术。
-
9.发明申请公开(公告)号:US20110099639A1
公开(公告)日:2011-04-28
申请号:US12849068
申请日:2010-08-03
申请人: Hyun Uk HWANG , Ki Bom KIM , Gi Han KIM , Sung Il LEE , Tae Joo CHANG , Cheol Won LEE
发明人: Hyun Uk HWANG , Ki Bom KIM , Gi Han KIM , Sung Il LEE , Tae Joo CHANG , Cheol Won LEE
IPC分类号: H04L9/32
摘要: Provided is a technology which creates an autorun file that is used in autorun for preventing the autorun of a USB-based portable storage, thereby allowing an arbitrary user or worm virus not to manipulate the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry.
摘要翻译: 提供了一种创建在自动运行中使用的自动运行文件以防止基于USB的便携式存储器的自动运行的技术,从而允许任意用户或蠕虫病毒不操纵自动运行文件。 一种用于防止便携式存储器的自动运行的方法,用于访问根目录的主文件表条目和自动运行文件的主文件表条目中的至少一个,并且在至少一个所访问的主文件表条目中设置非自动运行。
-
公开(公告)号:US20110055163A1
公开(公告)日:2011-03-03
申请号:US12626783
申请日:2009-11-27
申请人: Hyun Uk HWANG , Ki Bom KIM , Tae Joo CHANG , Cheol Won LEE
发明人: Hyun Uk HWANG , Ki Bom KIM , Tae Joo CHANG , Cheol Won LEE
CPC分类号: G06F11/1435
摘要: Provided is a technology which searches an unallocated area to quickly extract information on a deleted partition when checking a disk and an evidence image in digital forensic, and adds a recovered partition to a forensic tool as a new partition. For this, the technology has direct access to the sector of a disk or an evidence image which is obtained, limits information search on an unallocated area only to an area satisfying the minimum size in which a partition may be created, changes an LBA-based sector access scheme into a CHS-based sector access scheme, and reads only the sector of a location having the possibility that a boot record exists to search information of a deleted partition, recovering a partition at high speed.
摘要翻译: 提供了一种搜索未分配区域以在数字取证中检查磁盘和证据图像时快速提取关于删除的分区的信息的技术,并且将恢复的分区作为新的分区添加到取证工具。 为此,该技术可以直接访问所获得的磁盘或证据图像的扇区,仅在未分配区域上的信息搜索仅限于可以创建分区的满足最小大小的区域,改变基于LBA的 扇区访问方案转换为基于CHS的扇区访问方案,并且仅读取具有引导记录存在的可能性以搜索被删除的分区的信息的位置的扇区,以高速恢复分区。
-
-
-
-
-
-
-
-
-
搜索结果
24 条记录 (耗时 0.015 秒)
