System and method of detecting anomaly malicious code by using process behavior prediction technique
    1.
    Granted invention (in force)

Publication (announcement) no.: US08181248B2

    Publication (announcement) date: 2012-05-15

    Application no.: US11944268

    Filing date: 2007-11-21

    CPC classification: G06F21/552 G06F21/56

Abstract: Provided are a pattern analyzing/detecting method and a system using the same that are capable of detecting and effectively preventing an unknown malicious code attack. To detect such an attack, the method monitors the system to combine all behaviors exhibited within the system by the corresponding malicious codes, reprocesses and learns those behaviors, analyzes the existing malicious-behavior feature values (prediction patterns), and compares them with the behavior pattern exhibited by an execution code.

Method for recognizing information flow and detecting information leakage by analyzing user's behaviors
    2.
    Granted invention (in force)

Publication (announcement) no.: US08181224B2

    Publication (announcement) date: 2012-05-15

    Application no.: US12039930

    Filing date: 2008-02-29

    IPC classification: G06F7/04

    CPC classification: G06F21/554

Abstract: A method for analyzing a user's behaviors is provided. API function call patterns occurring when operations on various objects are performed on a computer system are configured with contexts. The user's behaviors are recognized as associations between the contexts and systematically expressed. The information flow occurring in the user's behaviors (i.e., associations between the contexts) is tracked. The information flow chain is divided into a source and a destination. When an information flow from a confidential object to a leakage point occurs, the information leakage is rapidly detected and blocked. By exactly recognizing the behaviors belonging to the corresponding information flow chain, user behaviors related to the information leakage can be detected. Furthermore, the behavior expression based on the contexts configured with the API function call patterns with respect to the system object can be achieved by naturally connecting the API function calls occurring on the system as an abstract behavior.