摘要:
A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file.
摘要:
A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices.
摘要:
Provided are a method and apparatus for extracting text from an Internet mail attachment file. The apparatus includes a mail display unit for displaying Internet mail and an attachment file received from outside, an attachment file storage for storing the attachment file, a text extraction engine for extracting a text code included in the attachment file, and an attachment file text extractor for extracting text included in the attachment file using the text extraction engine.
摘要:
Provided are a fuzzing system and method of a distributed computing environment (DCE) remote procedure call (RPC) object. The fuzzing system includes a file manager, a random data generator, a RPC packet, and a packet injector. The file manager obtains necessary information by parsing and analyzing an idl file for a target object for fuzzing and a file having information about a Named Pipe file. The random data generator generates a random value using a system clock as a factor. The RPC packet creator embodies protocols used for RPC communication by functions and generating a RPC packet for RPC communication. The packet injector inserts the necessary information and the random value into the generated RPC packet and transmits the generated RPC packet to the target object for fuzzing.
摘要:
An apparatus and method for preventing an anomaly of an application program are provided. More particularly, an apparatus and method for preventing an anomaly of an application program that detect and stop an anomaly on the basis of a behavior profile for an application program are provided. The apparatus includes a behavior monitor that detects behavior of an application program in operation, an anomaly detector that determines whether the detected behavior of the application program is an anomaly on the basis of a behavior profile of the application program in operation, and an anomaly stopper that stops the behavior of the application program determined as an anomaly by the anomaly detector. Possible application program behavior is stored according to its purpose in a behavior profile and an anomaly is detected and stopped on the basis of the behavior profile, thereby decreasing a false-positive rate of anomaly detection and simultaneously solving a problem of a conventional security programs being incapable of defending against attacks using the authority of a program trusted by a user.
摘要:
Provided are a system and method for predicting a cyber threat. The system and method collect various variables and synthetically predict the frequency, dangerousness, possibility, and time of the occurrence of a cyber threat including hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, weakness exploitation, etc., using a time-series analysis method and a Delphi method, and inform a user in advance of the prediction result, thereby enabling the user to prepare against the cyber threat.
摘要:
An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.
摘要:
Provided is a method and apparatus for analyzing an exploit code included in a nonexecutable file using a target program with vulnerability in a virtual environment. The method includes the steps of: loading a nonexecutable file including the exploit code by a target program, the target program being executed in a virtual environment and includes vulnerability; analyzing a register value of the target program and determining if the register value of the target program indicates a normal code region; storing log information on operation of the target program when the register value indicates a region other than the normal code region; and extracting and analyzing the exploit code included in the nonexecutable file based on the stored log information. In this method, the exploit code is analyzed in the virtual environment, thereby preventing damage caused by execution of the exploit code.
摘要:
Provided are an apparatus and method for checking Personal Computer (PC) security. The apparatus includes a check module for checking a security configuration of a PC on the basis of a check policy received from a security check server and outputting check results, and a control module for changing the security configuration of the PC on the basis of a control policy received from the security check server and the check results received from the check module. According to the apparatus, a security check agent installed in each PC performs security check and changes a security configuration according to a control policy, such that the security configurations of PCs in a network can be managed collectively.
摘要:
An apparatus and method for preventing an attempt to perform malicious activities using web browser weaknesses are provided. A file protection module monitors attempts to access at least one file resource when the web browser executes a program, and allows or denies access. A registry protection module monitors attempts to access at least one registry resource when the web browser executes a program, and allows or denies access. A process protection module monitors attempts to execute or terminate at least one process when the web browser executes a program, and allows or denies the execution or termination.