-
公开(公告)号:US20090119647A1
公开(公告)日:2009-05-07
申请号:US12102148
申请日:2008-04-14
申请人: Eun Young KIM , Young Tae YUN , Eung Ki PARK
发明人: Eun Young KIM , Young Tae YUN , Eung Ki PARK
IPC分类号: G06F9/44
CPC分类号: G06F21/577
摘要: Provided is a device and method for inspecting software for vulnerabilities which fuzzes the software by function. The device for inspecting software for vulnerabilities includes a target function selecting module for selecting a function of the software for vulnerabilities to be inspected, a comparison file generating module for generating a first file including the selected function and a second file not including the selected function, a binary pattern comparing module for detecting a changed or added binary pattern by comparing binary values of the first file and the second file, a test case generating module for generating at least one test case based on the detected binary pattern, and a vulnerability verifying module for inspecting vulnerabilities based on the at least one test case and generating a vulnerability inspection result. Accordingly, by intensively fuzzing a part of the software which is changed or added according to the function of the software, software vulnerabilities can be found by each function and fuzzing efficiency can be improved.
摘要翻译: 提供了一种用于检查软件的功能的软件的软件的软件的设备和方法。 用于检查软件的漏洞的装置包括:目标功能选择模块,用于选择要检查的漏洞的软件的功能;比较文件生成模块,用于生成包括所选功能的第一文件和不包括所选功能的第二文件; 用于通过比较第一文件和第二文件的二进制值来检测改变或添加的二进制模式的二进制模式比较模块,用于基于检测到的二进制模式生成至少一个测试用例的测试用例生成模块,以及漏洞验证模块 用于根据至少一个测试用例检查漏洞并生成漏洞检查结果。 因此,通过根据软件的功能对软件的一部分进行强化模糊化,可以通过各功能找到软件漏洞,从而提高模糊效率。
-
公开(公告)号:US20090157620A1
公开(公告)日:2009-06-18
申请号:US12103369
申请日:2008-04-15
申请人: Eun Young KIM , Young Tae YUN , Eung Ki PARK
发明人: Eun Young KIM , Young Tae YUN , Eung Ki PARK
IPC分类号: G06F17/30
CPC分类号: G06F16/93
摘要: Provided is a system and method for searching for a document based on a policy. The system includes: a document database for storing document files; a document format and text filer for extracting document format information and text information from a document newly stored in the document database; a document format policy module for setting a document format search policy according to an instruction from an administrator; a document text policy module for setting a document text search policy according to an instruction from the administrator; a document format information search module for searching for a document having a document format matching the set document format search policy in the document database; and a document text information search module for searching for a document having a text matching the set document text search policy in the document database.
摘要翻译: 提供了一种用于基于策略来搜索文档的系统和方法。 该系统包括:用于存储文档文件的文档数据库; 用于从新存储在文档数据库中的文档中提取文档格式信息和文本信息的文档格式和文本文件管理器; 文档格式策略模块,用于根据来自管理员的指令设置文档格式搜索策略; 文档文本策略模块,用于根据管理员的指令设置文档文本搜索策略; 文档格式信息搜索模块,用于在文档数据库中搜索具有与设置的文档格式搜索策略匹配的文档格式的文档; 以及文档文本信息搜索模块,用于在文档数据库中搜索具有与设置文档文本搜索策略相匹配的文本的文档。
-
公开(公告)号:US20100024033A1
公开(公告)日:2010-01-28
申请号:US12410636
申请日:2009-03-25
申请人: Jung Min KANG , Young Han CHOI , Do Hoon LEE , Eung Ki PARK
发明人: Jung Min KANG , Young Han CHOI , Do Hoon LEE , Eung Ki PARK
IPC分类号: G06F11/00
CPC分类号: G06F21/53 , G06F21/563 , H04L63/1466
摘要: An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.
摘要翻译: 提供用于检测混淆的恶意网页的装置和方法,以通过对模糊的恶意代码进行混淆来查找恶意网页。 该装置包括:检测网页的源代码中是否包含混淆的代码的混淆代码检测器;通过插入用于将模糊化代码混淆到源代码中的功能来重新配置源代码的去模糊功能插入器;解扰器, 被插入到重新配置的源代码中的功能调用,并且对混淆的代码进行混淆,以及使用去模糊化代码来检测恶意代码的恶意代码检测器。
-
-
搜索结果
3 条记录 (耗时 0.022 秒)
