    • 1. Invention application
    • System and method for detecting hidden process using system event information
    • US20070300061A1
    • 2007-12-27
    • US11527018
    • 2006-09-26
    • Eun Young Kim, Youngtae Yun, Eungki Park
    • H04L9/00
    • G06F21/566, G06F21/56
    • A system and method for detecting a hidden process using system event information are provided. The system includes: a kernel layer monitoring module for extracting system event information by monitoring a kernel layer system; a kernel layer process list detecting module for detecting processes related to an event from the extracted system event information; an application layer process list detecting module for detecting a process list provided to a user from an application layer; and a hidden process detecting module for detecting a process that is present only in the kernel layer as a hidden process by comparing the processes detected from the kernel layer process list detecting module and the processes detected from the application layer process list detecting module.
    • 2. Invention application
    • APPARATUS AND METHOD OF DETECTING FILE HAVING EMBEDDED MALICIOUS CODE
    • US20080115219A1
    • 2008-05-15
    • US11780303
    • 2007-07-19
    • Yun-Ju KIM, Youngtae YUN
    • G06F11/00
    • G06F21/563
    • An apparatus and method of detecting a file having an embedded malicious code by confirming normality/abnormality of a process that operates in a file process is disclosed. The apparatus includes an execution code detection module for detecting whether an executable file format is included in a file to be inspected through a static analysis, a support program searching module for searching for a support program according to an extension of the file to be inspected and reporting a corresponding process name and an execution path, an abnormal process detection module for monitoring the searched support process and judging whether a parent process of a newly created process is normal using a tree structure of the process, and an abnormal process compulsory ending module for compulsorily ending the newly created process if it is judged that the file to be inspected is the file having the embedded malicious code. Accordingly, execution of all abnormal processes can be checked.