公开(公告)号：US08464340B2

公开(公告)日：2013-06-11

申请号：US12038378

申请日：2008-02-27

申请人： Tae Jin Ahn ,  Taejoon Park

发明人： Tae Jin Ahn ,  Taejoon Park

IPC分类号： G06F11/00

CPC分类号： H04L63/1416 ,  G06F21/564

摘要： An immunization system including: an immunization client apparatus which determines whether a target code is a malicious code by performing an immunization operation with respect to a first immunization signature and a code signature that is extracted from the target code and reports the result of the determination to an immunization server; and the immunization server which diagnoses whether the target code is the malicious code, updates a second immunization signature based on the reported result of the determination, and transmits to the immunization client apparatus an update message about the updated second immunization signature, wherein the immunization client apparatus updates the first immunization signature based on the received update message is provided.

摘要翻译： 一种免疫系统，包括：免疫客户端装置，其通过对从所述目标代码提取的第一免疫签名和代码签名进行免疫操作来确定目标代码是否是恶意代码，并将所述确定结果报告给 免疫服务器; 以及诊断目标代码是否是恶意代码的免疫服务器，基于所述确定的报告结果来更新第二免疫签名，并向所述免疫客户端装置发送关于所述更新的第二免疫签名的更新消息，其中所述免疫客户端 提供了基于接收到的更新消息来更新第一免疫签名的装置。

公开(公告)号：US20090064328A1

公开(公告)日：2009-03-05

申请号：US12038378

申请日：2008-02-27

申请人： Tae Jin Ahn ,  Taejoon Park

发明人： Tae Jin Ahn ,  Taejoon Park

IPC分类号： G06F21/00

CPC分类号： H04L63/1416 ,  G06F21/564

摘要： An immunization system including: an immunization client apparatus which determines whether a target code is a malicious code by performing an immunization operation with respect to a first immunization signature and a code signature that is extracted from the target code and reports the result of the determination to an immunization server; and the immunization server which diagnoses whether the target code is the malicious code, updates a second immunization signature based on the reported result of the determination, and transmits to the immunization client apparatus an update message about the updated second immunization signature, wherein the immunization client apparatus updates the first immunization signature based on the received update message is provided.

摘要翻译： 一种免疫系统，包括：免疫客户端装置，其通过对从所述目标代码提取的第一免疫签名和代码签名进行免疫操作来确定目标代码是否是恶意代码，并将所述确定结果报告给 免疫服务器; 以及诊断目标代码是否是恶意代码的免疫服务器，基于所述确定的报告结果来更新第二免疫签名，并向所述免疫客户端装置发送关于所述更新的第二免疫签名的更新消息，其中所述免疫客户端 提供了基于接收到的更新消息来更新第一免疫签名的装置。

公开(公告)号：US20080184369A1

公开(公告)日：2008-07-31

申请号：US11874348

申请日：2007-10-18

申请人： Tae Jin AHN ,  Taejoon Park ,  Tae-Chul Jung

发明人： Tae Jin AHN ,  Taejoon Park ,  Tae-Chul Jung

IPC分类号： G06F21/00

CPC分类号： G06F21/56 ,  G06F21/564

摘要： An apparatus and method of detecting an intrusion code is provided. The apparatus for detecting an intrusion code includes: a set value input unit in which a set value differentiated for each group is input; an immune database generation unit which generates an immune database, based on the set value; and an intrusion code determination unit which determines whether data corresponds to an intrusion code, based on the generated immune database.

摘要翻译： 提供了一种检测入侵码的设备和方法。 用于检测入侵码的装置包括：设定值输入单元，其中输入针对每个组区分的设定值; 免疫数据库生成单元，其基于所述设定值生成免疫数据库; 以及入侵码确定单元，其基于所生成的免疫数据库来确定数据是否对应于入侵码。

公开(公告)号：US08205256B2

公开(公告)日：2012-06-19

申请号：US11874348

申请日：2007-10-18

申请人： Tae Jin Ahn ,  Taejoon Park ,  Tae-Chul Jung

发明人： Tae Jin Ahn ,  Taejoon Park ,  Tae-Chul Jung

IPC分类号： H04L29/06

CPC分类号： G06F21/56 ,  G06F21/564

摘要： An apparatus and method of detecting an intrusion code is provided. The apparatus for detecting an intrusion code includes: a set value input unit in which a set value differentiated for each group is input; an immune database generation unit which generates an immune database, based on the set value; and an intrusion code determination unit which determines whether data corresponds to an intrusion code, based on the generated immune database.

摘要翻译： 提供了一种检测入侵码的设备和方法。 用于检测入侵码的装置包括：设定值输入单元，其中输入针对每个组区分的设定值; 免疫数据库生成单元，其基于所述设定值生成免疫数据库; 以及入侵码确定单元，其基于所生成的免疫数据库来确定数据是否对应于入侵码。

公开(公告)号：US08448248B2

公开(公告)日：2013-05-21

申请号：US12056236

申请日：2008-03-26

申请人： Abhijit Bose ,  Taejoon Park ,  Kang Geun Shin ,  Xin Hu

发明人： Abhijit Bose ,  Taejoon Park ,  Kang Geun Shin ,  Xin Hu

IPC分类号： G06F11/00

CPC分类号： G06F21/568 ,  G06F21/566

摘要： An apparatus and method of diagnosing whether a program executed in a computer system is malware and repairing the computer system infected by malware. The apparatus includes a receiving unit which receives a first behavior vector for the malware from a malware control server; a determination unit which determines whether a diagnostic target program corresponds to malware based on the received first behavior vector and a second behavior vector for the diagnostic target program; and a repair unit which repairs the computer system based on a result of the determination.A behavior of a computer program executed in the computer system may be modeled in real time.

摘要翻译： 诊断在计算机系统中执行的程序是否是恶意软件并修复被恶意软件感染的计算机系统的装置和方法。 该装置包括从恶意软件控制服务器接收恶意软件的第一行为向量的接收单元; 确定单元，其基于所接收的第一行为向量和用于诊断目标程序的第二行为向量来确定诊断目标程序是否对应​​于恶意软件; 以及基于确定结果修复计算机系统的修理单元。 计算机系统中执行的计算机程序的行为可以被实时建模。

公开(公告)号：US20090019546A1

公开(公告)日：2009-01-15

申请号：US12106144

申请日：2008-04-18

申请人： Taejoon Park ,  Kang Guen SHIN ,  Xin Hu ,  Abhijit Bose

发明人： Taejoon Park ,  Kang Guen SHIN ,  Xin Hu ,  Abhijit Bose

IPC分类号： G06F21/00

CPC分类号： G06F21/55 ,  G06F21/552 ,  G06F21/57

摘要： A method and apparatus for modeling a behavior of a computer program that is executed in a computer system is described. The method and apparatus for modeling a behavior of a computer program may be used to detect a malicious program based on the behavior of the computer program. A method includes collecting system use information about resources of the computer system the computer program uses; extracting a behavior signature of the computer program from the collected system use information; and encoding the extracted behavior signature to generate a behavior vector. As a result, behaviors of a particular computer program may be modeled to enable a malicious program detection program and to determine whether the computer program is either normal or malicious.

摘要翻译： 描述了用于对在计算机系统中执行的计算机程序的行为进行建模的方法和装置。 用于对计算机程序的行为建模的方法和装置可以用于基于计算机程序的行为来检测恶意程序。 一种方法包括收集关于计算机程序使用的计算机系统的资源的系统使用信息; 从收集的系统使用信息中提取计算机程序的行为签名; 并对所提取的行为签名进行编码以生成行为向量。 因此，可以对特定计算机程序的行为进行建模以实现恶意程序检测程序并确定计算机程序是正常还是恶意。

公开(公告)号：US20090049549A1

公开(公告)日：2009-02-19

申请号：US12099649

申请日：2008-04-08

申请人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

发明人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

IPC分类号： G06F11/30 ,  G06F7/04

CPC分类号： G06F21/552 ,  G06F21/55 ,  G06F21/56

摘要： An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data is provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.

摘要翻译： 一种用于诊断在计算机系统中执行的计算机程序是否是恶意程序的装置和方法，更具体地，涉及使用计算机程序的行为来诊断计算机程序是恶意程序的装置和方法，以及装置和方法 提供了生成恶意代码诊断数据。 用于诊断恶意代码的装置可以包括行为向量生成单元，其基于从诊断目标程序提取的行为签名来生成第一行为向量; 诊断数据存储单元，其存储预定为恶意或正常的多个样本程序的多个第二行为向量; 以及代码诊断单元，其通过将所述第一行为向量与所述多个第二行为向量进行比较来诊断所述诊断对象程序是否是恶意代码。

公开(公告)号：US20090031162A1

公开(公告)日：2009-01-29

申请号：US12056236

申请日：2008-03-26

申请人： Abhijit BOSE ,  Taejoon Park ,  Kang Geun Shin ,  Xin Hu

发明人： Abhijit BOSE ,  Taejoon Park ,  Kang Geun Shin ,  Xin Hu

IPC分类号： G06F11/00

CPC分类号： G06F21/568 ,  G06F21/566

摘要： An apparatus and method of diagnosing whether a program executed in a computer system is malware and repairing the computer system infected by malware. The apparatus includes a receiving unit which receives a first behavior vector for the malware from a malware control server; a determination unit which determines whether a diagnostic target program corresponds to malware based on the received first behavior vector and a second behavior vector for the diagnostic target program; and a repair unit which repairs the computer system based on a result of the determination.A behavior of a computer program executed in the computer system may be modeled in real time.

摘要翻译： 诊断在计算机系统中执行的程序是否是恶意软件并修复被恶意软件感染的计算机系统的装置和方法。 该装置包括从恶意软件控制服务器接收恶意软件的第一行为向量的接收单元; 确定单元，其基于所接收的第一行为向量和用于诊断目标程序的第二行为向量来确定诊断目标程序是否对应​​于恶意软件; 以及基于确定结果修复计算机系统的修理单元。 计算机系统中执行的计算机程序的行为可以被实时建模。

公开(公告)号：US08713680B2

公开(公告)日：2014-04-29

申请号：US12106144

申请日：2008-04-18

申请人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

发明人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

IPC分类号： H04L29/06 ,  G06F21/55

CPC分类号： G06F21/55 ,  G06F21/552 ,  G06F21/57

摘要： A method and apparatus for modeling a behavior of a computer program that is executed in a computer system is described. The method and apparatus for modeling a behavior of a computer program may be used to detect a malicious program based on the behavior of the computer program. A method includes collecting system use information about resources of the computer system the computer program uses; extracting a behavior signature of the computer program from the collected system use information; and encoding the extracted behavior signature to generate a behavior vector. As a result, behaviors of a particular computer program may be modeled to enable a malicious program detection program and to determine whether the computer program is either normal or malicious.

摘要翻译： 描述了用于对在计算机系统中执行的计算机程序的行为进行建模的方法和装置。 用于对计算机程序的行为建模的方法和装置可以用于基于计算机程序的行为来检测恶意程序。 一种方法包括收集关于计算机程序使用的计算机系统的资源的系统使用信息; 从收集的系统使用信息中提取计算机程序的行为签名; 并对所提取的行为签名进行编码以生成行为向量。 因此，可以对特定计算机程序的行为进行建模以实现恶意程序检测程序并确定计算机程序是正常还是恶意。

公开(公告)号：US08245295B2

公开(公告)日：2012-08-14

申请号：US12099649

申请日：2008-04-08

申请人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

发明人： Taejoon Park ,  Kang Geun Shin ,  Xin Hu ,  Abhijit Bose

IPC分类号： H04L29/06 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G06F21/00 ,  G08B23/00 ,  H04L9/32

CPC分类号： G06F21/552 ,  G06F21/55 ,  G06F21/56

摘要： An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data is provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.

摘要翻译： 一种用于诊断在计算机系统中执行的计算机程序是否是恶意程序的装置和方法，更具体地，涉及使用计算机程序的行为来诊断计算机程序是恶意程序的装置和方法，以及装置和方法 提供了生成恶意代码诊断数据。 用于诊断恶意代码的装置可以包括行为向量生成单元，其基于从诊断目标程序提取的行为签名来生成第一行为向量; 诊断数据存储单元，其存储预定为恶意或正常的多个样本程序的多个第二行为向量; 以及代码诊断单元，其通过将所述第一行为向量与所述多个第二行为向量进行比较来诊断所述诊断对象程序是否是恶意代码。