公开(公告)号：US20110271342A1

公开(公告)日：2011-11-03

申请号：US12879691

申请日：2010-09-10

申请人： Yoon Jung CHUNG ,  Yo Sik KIM ,  Won Ho KIM ,  Dong Soo KIM ,  Sang Kyun NOH ,  Young Tae YUN ,  Cheol Won LEE

发明人： Yoon Jung CHUNG ,  Yo Sik KIM ,  Won Ho KIM ,  Dong Soo KIM ,  Sang Kyun NOH ,  Young Tae YUN ,  Cheol Won LEE

IPC分类号： G06F11/00

CPC分类号： G06F9/455 ,  G06F21/55 ,  G06F21/554 ,  G06F21/56 ,  G06F21/566 ,  G06F2212/151 ,  H04L29/06877 ,  H04L29/06891 ,  H04L29/06911 ,  H04L29/06918 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/1441 ,  H04L2463/144

摘要： A defense method and device against intelligent bots using masqueraded virtual machine information are provided. The method includes performing global hooking on a virtual machine detection request transmitted by a process, determining, on the basis of pre-stored malicious process information, whether or not, the process transmitting the virtual machine detection request corresponds to a malicious process, and when the process is found to correspond to the malicious process as a result of the determination, determining that the process is generated by the intelligent bot, and returning the masqueraded virtual machine information to the process.

摘要翻译： 提供了使用伪装的虚拟机信息的针对智能机器人的防御方法和设备。 该方法包括对由进程发送的虚拟机检测请求执行全局挂接，根据预先存储的恶意进程信息确定发送虚拟机检测请求的处理是否对应于恶意进程，以及何时 发现该过程对应于作为确定的结果的恶意进程，确定该过程由智能bot生成，并将伪装的虚拟机信息返回到该过程。

公开(公告)号：US20090119647A1

公开(公告)日：2009-05-07

申请号：US12102148

申请日：2008-04-14

申请人： Eun Young KIM ,  Young Tae YUN ,  Eung Ki PARK

发明人： Eun Young KIM ,  Young Tae YUN ,  Eung Ki PARK

IPC分类号： G06F9/44

CPC分类号： G06F21/577

摘要： Provided is a device and method for inspecting software for vulnerabilities which fuzzes the software by function. The device for inspecting software for vulnerabilities includes a target function selecting module for selecting a function of the software for vulnerabilities to be inspected, a comparison file generating module for generating a first file including the selected function and a second file not including the selected function, a binary pattern comparing module for detecting a changed or added binary pattern by comparing binary values of the first file and the second file, a test case generating module for generating at least one test case based on the detected binary pattern, and a vulnerability verifying module for inspecting vulnerabilities based on the at least one test case and generating a vulnerability inspection result. Accordingly, by intensively fuzzing a part of the software which is changed or added according to the function of the software, software vulnerabilities can be found by each function and fuzzing efficiency can be improved.

摘要翻译： 提供了一种用于检查软件的功能的软件的软件的软件的设备和方法。 用于检查软件的漏洞的装置包括：目标功能选择模块，用于选择要检查的漏洞的软件的功能;比较文件生成模块，用于生成包括所选功能的第一文件和不包括所选功能的第二文件; 用于通过比较第一文件和第二文件的二进制值来检测改变或添加的二进制模式的二进制模式比较模块，用于基于检测到的二进制模式生成至少一个测试用例的测试用例生成模块，以及漏洞验证模块 用于根据至少一个测试用例检查漏洞并生成漏洞检查结果。 因此，通过根据软件的功能对软件的一部分进行强化模糊化，可以通过各功能找到软件漏洞，从而提高模糊效率。

公开(公告)号：US20090070876A1

公开(公告)日：2009-03-12

申请号：US12103794

申请日：2008-04-16

申请人： Yun Ju KIM ,  Young Tae YUN

发明人： Yun Ju KIM ,  Young Tae YUN

IPC分类号： G06F11/00

CPC分类号： G06F21/56

摘要： Provided are an apparatus and method for detecting a malicious process. The apparatus includes: a process monitoring unit for monitoring a process generated in a computing environment; a target process setting unit for previously setting a test target process among the processes confirmed by the process monitoring unit; a process generation time change monitoring unit for monitoring if the target process set by the target process setting unit requests to change a generation time; a generation time change preventing unit for preventing a change in the generation time of the target process when the target process requests to change the generation time; and a malicious process detecting unit for determining that a child process of the target process set by the target process setting unit is a malicious process if the child process is generated within a predetermined reference time.

摘要翻译： 提供了用于检测恶意进程的装置和方法。 该装置包括：用于监视在计算环境中生成的处理的过程监视单元; 目标处理设定单元，用于在由处理监视单元确认的处理中预先设置测试对象处理; 过程生成时间变化监视单元，用于监视由目标处理设置单元设置的目标处理是否请求改变生成时间; 当所述目标处理请求改变所述生成时间时，用于防止所述目标处理的生成时间的改变的生成时间改变防止单元; 以及恶意处理检测单元，用于如果在预定参考时间内生成子进程，则确定由目标处理设置单元设置的目标进程的子进程是恶意进程。

公开(公告)号：US20090157620A1

公开(公告)日：2009-06-18

申请号：US12103369

申请日：2008-04-15

申请人： Eun Young KIM ,  Young Tae YUN ,  Eung Ki PARK

发明人： Eun Young KIM ,  Young Tae YUN ,  Eung Ki PARK

IPC分类号： G06F17/30

CPC分类号： G06F16/93

摘要： Provided is a system and method for searching for a document based on a policy. The system includes: a document database for storing document files; a document format and text filer for extracting document format information and text information from a document newly stored in the document database; a document format policy module for setting a document format search policy according to an instruction from an administrator; a document text policy module for setting a document text search policy according to an instruction from the administrator; a document format information search module for searching for a document having a document format matching the set document format search policy in the document database; and a document text information search module for searching for a document having a text matching the set document text search policy in the document database.

摘要翻译： 提供了一种用于基于策略来搜索文档的系统和方法。 该系统包括：用于存储文档文件的文档数据库; 用于从新存储在文档数据库中的文档中提取文档格式信息和文本信息的文档格式和文本文件管理器; 文档格式策略模块，用于根据来自管理员的指令设置文档格式搜索策略; 文档文本策略模块，用于根据管理员的指令设置文档文本搜索策略; 文档格式信息搜索模块，用于在文档数据库中搜索具有与设置的文档格式搜索策略匹配的文档格式的文档; 以及文档文本信息搜索模块，用于在文档数据库中搜索具有与设置文档文本搜索策略相匹配的文本的文档。

公开(公告)号：US20090150997A1

公开(公告)日：2009-06-11

申请号：US12142080

申请日：2008-06-19

申请人： Jae Woo PARK ,  Dong Su NAM ,  Yun Ju KIM ,  Young Tae YUN

发明人： Jae Woo PARK ,  Dong Su NAM ,  Yun Ju KIM ,  Young Tae YUN

IPC分类号： G06F12/14

CPC分类号： G06F21/563 ,  G06F21/562

摘要： Provided is an apparatus and method for detecting a malicious file that attempts to initiate communication in a mobile terminal without a user's approval. The method of detecting a malicious file in a mobile terminal includes: determining whether a file to be examined is an executable file; when the file is an executable file, examining whether the file is a malicious file that can cause unapproved communication based on at least one predetermined examination condition; and outputting the result of examining whether the file is the malicious file. Accordingly, an attack caused by a new type of malicious code can be coped with.

摘要翻译： 提供了一种用于在未经用户许可的情况下检测在移动终端中尝试发起通信的恶意文件的装置和方法。 在移动终端中检测恶意文件的方法包括：确定要检查的文件是否是可执行文件; 当文件是可执行文件时，检查文件是否是可能基于至少一个预定检查条件导致未经批准的通信的恶意文件; 并输出检查文件是否是恶意文件的结果。 因此，可以应对由新型恶意代码引起的攻击。

公开(公告)号：US20090133126A1

公开(公告)日：2009-05-21

申请号：US12262745

申请日：2008-10-31

申请人： Moon Su JANG ,  Hong Chul KIM ,  Young Tae YUN

发明人： Moon Su JANG ,  Hong Chul KIM ,  Young Tae YUN

IPC分类号： G06F21/22

CPC分类号： G06F21/56

摘要： Provided are an apparatus and method for detecting a Dynamic Link Library (DLL) inserted by a malicious code. The method includes collecting first DLL information from an image file of a process before the process is executed; collecting second DLL information loaded into a memory as the process is executed; comparing the first DLL information with the second DLL information to extract information on an explicit DLL; and determining whether the explicit DLL is a DLL inserted by a malicious code or not.

摘要翻译： 提供了一种用于检测由恶意代码插入的动态链接库（DLL）的装置和方法。 该方法包括在执行处理之前从进程的图像文件收集第一DLL信息; 在执行进程时收集加载到存储器中的第二DLL信息; 将所述第一DLL信息与所述第二DLL信息进行比较以提取关于显式DLL的信息; 并确定显式DLL是否是由恶意代码插入的DLL。