-
1.发明申请METHOD AND APPARATUS FOR DIAGNOSING MALICOUS FILE, AND METHOD AND APPARATUS FOR MONITORING MALICOUS FILE 审中-公开用于诊断恶性病毒文件的方法和装置,以及用于监测恶性病毒文件的方法和装置公开(公告)号:US20120167222A1
公开(公告)日:2012-06-28
申请号:US13335811
申请日:2011-12-22
申请人: Ik Kyun KIM , Yang-Seo CHOI , Byoung-Koo KIM , Seung Yong YOON , Youngjun HEO , Dae Won KIM , Il AHN CHEONG , Jintae OH , Jong Soo JANG
发明人: Ik Kyun KIM , Yang-Seo CHOI , Byoung-Koo KIM , Seung Yong YOON , Youngjun HEO , Dae Won KIM , Il AHN CHEONG , Jintae OH , Jong Soo JANG
IPC分类号: G06F21/00
CPC分类号: G06F21/563
摘要: An apparatus for diagnosing malicious files includes a information transferring unit configured to receive information regarding a malicious file distributed in a management network and an execution file generated by assembling packets collected from the management network; an anti-virus engine configured to determine whether or not the execution file is malicious to generate information regarding a new malicious file; and a management unit configured to transfer the information regarding the malicious file and the information regarding the new malicious file to a terminal device on the management network through the information transferring unit.
摘要翻译: 用于诊断恶意文件的装置包括:信息传送单元,被配置为接收关于分发在管理网络中的恶意文件的信息和通过组合从管理网络收集的分组而生成的执行文件; 配置为确定所述执行文件是否是恶意的以产生关于新的恶意文件的信息的反病毒引擎; 以及管理单元,被配置为通过信息传送单元将关于恶意文件的信息和关于新的恶意文件的信息传送到管理网络上的终端设备。
-
公开(公告)号:US20090158431A1
公开(公告)日:2009-06-18
申请号:US12333490
申请日:2008-12-12
申请人: Dae Won KIM , Ik Kyun KIM , Yang Seo CHOI , Seung Yong YOON , Byoung Koo KIM , Jin Tae OH , Jong Soo JANG
发明人: Dae Won KIM , Ik Kyun KIM , Yang Seo CHOI , Seung Yong YOON , Byoung Koo KIM , Jin Tae OH , Jong Soo JANG
IPC分类号: G06F11/00
CPC分类号: H04L63/1416 , G06F21/566
摘要: There is provided a method of detecting a polymorphic shell code. The decoding routine of the polymorphic shell code is detected from received data. In order for the decoding routine to access the address of an encoded code, the address of a currently executed code is stored in a stack, the value is moved in a register table, and it is determined whether the value is actually used for operating a memory. Emulation is finally performed and the degree of correctness of detection is improved. Therefore, time spent on detecting the polymorphic shell code and an overhead are reduced and the correctness of detection is increased.
摘要翻译: 提供了一种检测多态shell代码的方法。 从接收的数据中检测多态shell码的解码程序。 为了使解码程序访问编码的地址,当前执行的代码的地址被存储在堆栈中,该值被移动到寄存器表中,并且确定该值是否实际用于操作 记忆。 最后进行仿真,提高检测的正确性。 因此,用于检测多态shell代码和开销的时间减少,并且检测的正确性增加。
-
3.发明申请METHOD AND APPARATUS FOR DEFENDING DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACK THROUGH ABNORMALLY TERMINATED SESSION 有权通过异常终止会话保护分布式服务(DDOS)攻击的方法和装置公开(公告)号:US20130074183A1
公开(公告)日:2013-03-21
申请号:US13612749
申请日:2012-09-12
申请人: Seung Yong YOON
发明人: Seung Yong YOON
IPC分类号: G06F21/00
CPC分类号: G06F21/00 , H04L63/0254 , H04L63/1458 , H04L63/166
摘要: There are provided a method and apparatus for defending a Distributed Denial-of-Service (DDoS) attack through abnormally terminated sessions. The DDoS attack defending apparatus includes: a session tracing unit configured to parse collected packets, to extract header information from the collected packets, to trace one or more abnormally terminated sessions corresponding to one of pre-defined abnormally terminated session cases, based on the header information, and then to count the number of the abnormally terminated sessions; and an attack detector configured to compare the number of the abnormally terminated sessions to a predetermined threshold value, and to determine whether a DDoS attack has occurred, according to the results of the comparison. Therefore, it is possible to significantly reduce a false-positive rate of detection of a DDoS attack and the amount of computation for detection of a DDoS attack.
摘要翻译: 提供了通过异常终止的会话来防御分布式拒绝服务(DDoS)攻击的方法和装置。 DDoS攻击防御装置包括:会话跟踪单元,被配置为解析收集的报文,从收集的报文中提取报头信息,根据报头跟踪一个或多个对应于预定义异常终止的会话情况的异常终止的会话 信息,然后计算异常终止的会话的数量; 以及攻击检测器,被配置为根据比较的结果将异常终止的会话的数量与预定阈值进行比较,并且确定是否已经发生DDoS攻击。 因此,可以显着降低DDoS攻击的检测的假阳性率和DDoS攻击检测的计算量。
-
4.发明申请SYSTEM AND METHOD FOR DETERMINING APPLICATION LAYER-BASED SLOW DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK 有权用于确定应用层慢速分布式服务(DDoS)攻击的系统和方法公开(公告)号:US20130042322A1
公开(公告)日:2013-02-14
申请号:US13572230
申请日:2012-08-10
申请人: Seung Yong YOON
发明人: Seung Yong YOON
IPC分类号: G06F21/00
CPC分类号: H04L63/1458 , G06F21/554 , H04L63/0254
摘要: A technology for defending a Distributed Denial-of-Service (DDoS) attack is provided. A system for determining an application layer-based slow DDoS attack may include a packet collecting unit to collect a packet in a network, a packet parsing unit to extract at least one header field from the collected packet, and a DDoS attack determining unit to determine whether a DDoS attack against the packet is detected, using a session table and a flow table.
摘要翻译: 提供了一种防御分布式拒绝服务(DDoS)攻击的技术。 用于确定基于应用层的慢DDoS攻击的系统可以包括:收集网络中的分组的分组收集单元,从收集的分组提取至少一个报头字段的分组解析单元,以及DDoS攻击确定单元, 是否检测到针对数据包的DDoS攻击,使用会话表和流表。
-
-
-
搜索结果
4 条记录 (耗时 0.059 秒)
