METHOD OF DETECTING POLYMORPHIC SHELL CODE
    1.
    Invention application, under examination (published)

    Publication number: US20090158431A1

    Publication date: 2009-06-18

    Application number: US12333490

    Filing date: 2008-12-12

    IPC classification: G06F11/00

    CPC classification: H04L63/1416 G06F21/566

    Abstract: A method of detecting polymorphic shell code is provided. The decoding routine of the polymorphic shell code is detected in received data. Because the decoding routine must obtain the address of the encoded code, the address of the currently executing code is stored on the stack and that value is moved into a register (tracked in a register table); the method then determines whether the value is actually used to access memory. Emulation is performed last, which improves detection accuracy. As a result, the time and overhead spent detecting polymorphic shell code are reduced while detection accuracy is increased.

    ATTACK CLASSIFICATION METHOD FOR COMPUTER NETWORK SECURITY
    3.
    Invention application, under examination (published)

    Publication number: US20080083034A1

    Publication date: 2008-04-03

    Application number: US11757701

    Filing date: 2007-06-04

    IPC classification: G08B23/00

    CPC classification: H04L63/1433 G06F21/552

    Abstract: An attack classification method for computer network security is provided. Attacks are classified by the vulnerability they abuse, their propagation technique, and their intention. The classification results are arranged in that order (abused vulnerability, propagation technique, intention) and then output. This makes it easy to read off an attack flow such as: attack A propagates by propagation technique C using vulnerability B, and attack technique F is applied to attack target E to achieve attack purpose D.

    NETWORK-BASED INTERNET WORM DETECTION APPARATUS AND METHOD USING VULNERABILITY ANALYSIS AND ATTACK MODELING
    4.
    Invention application, under examination (published)

    Publication number: US20080104702A1

    Publication date: 2008-05-01

    Application number: US11685940

    Filing date: 2007-03-14

    IPC classification: G06F11/00

    CPC classification: H04L63/145

    Abstract: The present invention relates to a network-based Internet worm detection apparatus and method using vulnerability analysis and attack modeling. In the apparatus, a vulnerability information storage unit stores the vulnerability information of an application program that is needed for attack detection. A threat determiner determines whether a packet transmitted over the network is destined for an application program known to be vulnerable. A packet content extractor uses the vulnerability information to extract, from each packet destined for the vulnerable application program, the information needed to decide whether it is an attack packet. An attack determiner compares and analyzes the extracted information against the vulnerability information to determine whether the packet is an attack packet. Using the application program's vulnerability information together with attack modeling to detect an Internet worm makes it possible to counteract the attack packet. In addition, only the portion of a segmented or out-of-order packet's information that belongs to a specific session is stored, which increases the utilization of the storage device and reduces the resources needed to process a packet.

    DEVICE AND METHOD FOR DETECTING PACKED PE FILE
    5.
    Invention application, under examination (published)

    Publication number: US20100153421A1

    Publication date: 2010-06-17

    Application number: US12434166

    Filing date: 2009-05-01

    IPC classification: G06F7/20 G06F17/30

    CPC classification: G06F16/258

    Abstract: The present invention discloses a device and method for detecting a packed PE (portable executable) file. Information for detecting packing is extracted by analyzing the header of a target file, and a record containing characteristic values that appear only in packed PE files is created from the extracted information. Using the created record, the similarity of the target file to an unpacked PE file is calculated and compared with a derived threshold value to decide whether the target file is packed. A packed PE file can therefore be detected even when it was packed with a packing method that is not well known.