Basic information:
- Patent title: APPARATUS, SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE
- Application number: US12985252 Filing date: 2011-01-05
- Publication number: US20110271343A1 Publication date: 2011-11-03
- Inventors: Yo Sik Kim, Sang Kyun Noh, Yoon Jung Chung, Dong Soo Kim, Won Ho Kim, Yu Jung Han, Young Tae Yun, Ki Wook Sohn, Cheol Won Lee
- Applicants: Yo Sik Kim, Sang Kyun Noh, Yoon Jung Chung, Dong Soo Kim, Won Ho Kim, Yu Jung Han, Young Tae Yun, Ki Wook Sohn, Cheol Won Lee
- Applicant address: KR Daejeon
- Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
- Current assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
- Current assignee address: KR Daejeon
- Priority: KR10-2010-0039335 20100428
- Main classification: G06F21/00
- IPC classification: G06F21/00
Abstract:
Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
Published/granted documents:
- US08955124B2 Apparatus, system and method for detecting malicious code Publication/grant date: 2015-02-10