-
公开(公告)号:US20120233692A1
公开(公告)日:2012-09-13
申请号:US13505858
申请日:2010-11-01
申请人: Ju Hyun Oh , Chang Woo Lee , Chong Phil Park
发明人: Ju Hyun Oh , Chang Woo Lee , Chong Phil Park
IPC分类号: G06F21/00
CPC分类号: H04L63/168 , G06F21/52 , H04L63/1441
摘要: The invention relates to an apparatus for detecting malicious sites, comprising: a monitoring unit for monitoring all processes being executed in a computing apparatus; a hook code insertion unit for inserting a hook code in a process executed in a browser when the execution of the browser is detected by the monitoring unit; a danger level determining unit that, upon the detection of a website movement, uses the hook code to inspect a stack structure of a process implemented according to the website movement and determine whether or not to perform the stack structure inspection, and determines whether or not the website to which the movement has been made is a malicious site; and a database for storing a list of sites determined to be malicious.
摘要翻译: 本发明涉及一种用于检测恶意站点的装置,包括:监视单元,用于监视在计算设备中执行的所有进程; 钩子代码插入单元,用于在由监视单元检测到浏览器的执行时,在浏览器中执行的处理中插入挂钩代码; 危险度确定单元,其在检测到网站移动时使用所述挂钩代码来检查根据所述网站移动实现的处理的堆栈结构,并且确定是否执行所述堆栈结构检查,并且确定是否执行所述堆栈结构检查 运动所在的网站是恶意网站; 以及用于存储确定为恶意的站点列表的数据库。
-
公开(公告)号:US08745740B2
公开(公告)日:2014-06-03
申请号:US13505858
申请日:2010-11-01
申请人: Ju Hyun Oh , Chang Woo Lee , Chong Phil Park
发明人: Ju Hyun Oh , Chang Woo Lee , Chong Phil Park
CPC分类号: H04L63/168 , G06F21/52 , H04L63/1441
摘要: The invention relates to an apparatus for detecting malicious sites, comprising: a monitoring unit for monitoring all processes being executed in a computing apparatus; a hook code insertion unit for inserting a hook code in a process executed in a browser when the execution of the browser is detected by the monitoring unit; a danger level determining unit that, upon the detection of a website movement, uses the hook code to inspect a stack structure of a process implemented according to the website movement and determine whether or not to perform the stack structure inspection, and determines whether or not the website to which the movement has been made is a malicious site; and a database for storing a list of sites determined to be malicious.
摘要翻译: 本发明涉及一种用于检测恶意站点的装置,包括:监视单元,用于监视在计算设备中执行的所有进程; 钩子代码插入单元,用于在由监视单元检测到浏览器的执行时,在浏览器中执行的处理中插入挂钩代码; 危险度确定单元,其在检测到网站移动时使用所述挂钩代码来检查根据所述网站移动实现的处理的堆栈结构,并且确定是否执行所述堆栈结构检查,并且确定是否执行所述堆栈结构检查 运动所在的网站是恶意网站; 以及用于存储确定为恶意的站点列表的数据库。
-