专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08955124B2 Apparatus, system and method for detecting malicious code 有权
标题翻译：用于检测恶意代码的装置，系统和方法
公开(公告)号：US08955124B2
公开(公告)日：2015-02-10
申请号：US12985252
申请日：2011-01-05
申请人： Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
发明人： Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
IPC分类号： G06F21/00 , G06F21/56
CPC分类号： G06F21/566
摘要： Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
摘要翻译：提供了一种用于检测插入到伪装的正常进程中的恶意代码的装置，系统和方法。该装置包括恶意代码检测模块，用于提取由计算机系统上运行的进程生成的线程的信息，以识别与该线程相关的代码，初步确定所识别的代码是否是恶意的，并提取初步确定为恶意的代码 ; 以及强制恶意代码终止模块，用于基于在虚拟环境中执行的提取的代码的行为的分析结果，最终将代码确定为恶意代码，并强制终止代码的执行。

2. 发明申请

US20110271343A1 APPARATUS, SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE 有权
标题翻译：用于检测恶意代码的装置，系统和方法
公开(公告)号：US20110271343A1
公开(公告)日：2011-11-03
申请号：US12985252
申请日：2011-01-05
申请人： Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
发明人： Yo Sik Kim , Sang Kyun Noh , Yoon Jung Chung , Dong Soo Kim , Won Ho Kim , Yu Jung Han , Young Tae Yun , Ki Wook Sohn , Cheol Won Lee
IPC分类号： G06F21/00
CPC分类号： G06F21/566
摘要： Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
摘要翻译：提供了一种用于检测插入到伪装的正常进程中的恶意代码的装置，系统和方法。该装置包括恶意代码检测模块，用于提取由计算机系统上运行的进程生成的线程的信息，以识别与该线程相关的代码，初步确定所识别的代码是否是恶意的，并提取初步确定为恶意的代码 ; 以及强制恶意代码终止模块，用于基于在虚拟环境中执行的提取的代码的行为的分析结果，最终将代码确定为恶意代码，并强制终止代码的执行。

3. 发明申请

US20060129603A1 Apparatus and method for detecting malicious code embedded in office document 审中-公开
标题翻译：用于检测嵌入在office文档中的恶意代码的装置和方法
公开(公告)号：US20060129603A1
公开(公告)日：2006-06-15
申请号：US11211057
申请日：2005-08-24
申请人： Jae Woo Park , Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
发明人： Jae Woo Park , Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
IPC分类号： G06F17/00
CPC分类号： G06F21/561
摘要： An apparatus and method for detecting an unknown malicious code embedded in an office document are provided. The method includes the steps of: (a) when the office document is opened, previously checking whether or not the office document has an office document extension name, using a program for checking the malicious code in the office document; (b) determining whether or not the office document having the extension name has a macro function; (c) if it is determined from the determination result of the step (b) that the office document has the macro function, determining whether or not the office document has an execution code/whether or not the execution code is executable; (d) if it is determined from the determination result of the step (c) that the execution code is executable, detecting whether or not the malicious code is embedded in the office document; and (e) on the basis of the result of the step (d), determining whether or not the office document is executed.
摘要翻译：提供了一种用于检测嵌入在办公文档中的未知恶意代码的装置和方法。该方法包括以下步骤：（a）当办公室文档被打开时，先前检查办公室文件是否具有办公室文件扩展名，使用用于检查办公文档中的恶意代码的程序; （b）确定具有扩展名的办公室文件是否具有宏功能; （c）如果从步骤（b）的确定结果确定办公室文件具有宏功能，则确定办公室文件是否具有执行代码/执行代码是否可执行; （d）如果从步骤（c）的确定结果确定执行代码是可执行的，则检测恶意代码是否嵌入在办公室文档中; 和（e）基于步骤（d）的结果，确定是否执行办公室文件。

4. 发明授权

US08590016B2 Apparatus and method for removing malicious code inserted into file 有权
标题翻译：用于删除插入到文件中的恶意代码的装置和方法
公开(公告)号：US08590016B2
公开(公告)日：2013-11-19
申请号：US12106571
申请日：2008-04-21
申请人： Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
发明人： Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
IPC分类号： H04L29/06
CPC分类号： G06F21/568 , H04L51/00 , H04L63/145
摘要： Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely.The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.
摘要翻译：提供了一种用于从文件安全地去除恶意代码或者当不能安全地去除恶意代码时可能存在恶意代码的装置和方法。该方法包括：确定文件是文档还是图像文件; 当确定文件是文档文件时，通过使用与文档文件相关联的应用程序将文档文件作为新文件打开并保存为从文档文件中删除恶意代码; 并且当确定文件是图像文件时，将图像文件从当前文件格式转换成不同的文件格式并保存转换的图像文件以从图像文件中去除恶意代码。

5. 发明授权

US08584101B2 Apparatus and method for automatically analyzing program for detecting malicious codes triggered under specific event/context 有权
标题翻译：用于自动分析程序以检测在特定事件/上下文下触发的恶意代码的装置和方法
公开(公告)号：US08584101B2
公开(公告)日：2013-11-12
申请号：US12270897
申请日：2008-11-14
申请人： Jung Hwan Moon , Won Ho Kim , Ki Wook Sohn
发明人： Jung Hwan Moon , Won Ho Kim , Ki Wook Sohn
IPC分类号： G06F9/44
CPC分类号： G06F11/3612 , G06F21/53
摘要： Provided is an apparatus and method for automatically analyzing a program in order to detect window malicious codes that are programmed to perform malicious behaviors when a specific event occurs, when the specific event does not occur, when a specific program execution condition is satisfied, and when the specific program execution condition is not satisfied.
摘要翻译：提供了一种用于自动分析程序的装置和方法，以便当特定事件发生时，当特定事件不发生时，当满足特定程序执行条件时，检测被编程为执行恶意行为的窗口恶意代码，以及何时具体程序执行条件不满足。

6. 发明申请

US20090150419A1 APPARATUS AND METHOD FOR REMOVING MALICIOUS CODE INSERTED INTO FILE 有权
标题翻译：删除插入到文件中的恶意代码的装置和方法
公开(公告)号：US20090150419A1
公开(公告)日：2009-06-11
申请号：US12106571
申请日：2008-04-21
申请人： Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
发明人： Won Ho Kim , Jung Hwan Moon , Ki Wook Sohn
IPC分类号： G06F7/00
CPC分类号： G06F21/568 , H04L51/00 , H04L63/145
摘要： Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely.The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.
摘要翻译：提供了一种用于从文件安全地去除恶意代码或者当不能安全地去除恶意代码时可能存在恶意代码的装置和方法。该方法包括：确定文件是文档还是图像文件; 当确定文件是文档文件时，通过使用与文档文件相关联的应用程序将文档文件作为新文件打开并保存为从文档文件中删除恶意代码; 并且当确定文件是图像文件时，将图像文件从当前文件格式转换成不同的文件格式并保存转换的图像文件以从图像文件中去除恶意代码。

7. 发明授权

US08800037B2 System for an engine for forecasting cyber threats and method for forecasting cyber threats using the system 有权
标题翻译：用于预测网络威胁的引擎系统以及使用该系统预测网络威胁的方法
公开(公告)号：US08800037B2
公开(公告)日：2014-08-05
申请号：US13320263
申请日：2010-06-22
申请人： Seung Hyun Paek , In Sung Park , Eun Young Lee , Joo Beom Yun , Ki Wook Sohn , Seok Jin Choi
发明人： Seung Hyun Paek , In Sung Park , Eun Young Lee , Joo Beom Yun , Ki Wook Sohn , Seok Jin Choi
IPC分类号： G06F11/00 , H04L29/06 , G06F21/55 , G06F21/57
CPC分类号： G06F21/577 , G06F21/552 , G06F2221/0775 , G06F2221/2129 , G06F2221/2145 , G06F2221/2151 , H04L63/1416
摘要： A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.
摘要翻译：提供了一种用于预测网络威胁的引擎系统，并提供了一种能够预测低级网络威胁的方法，并使用网络威胁分层结构中的低级网络威胁来预测高级网络威胁。该系统包括一个预测信息数据库，存储预测信息，包括网络威胁预测项目，与项目有关的预测进度，预测模拟信息，预测项目分层结构信息，网络威胁时间序列数据和网络威胁示例数据; 预测引擎核心子系统，使用存储在预测信息数据库中的预测信息来预测具有分级结构的网络威胁预测项目的威胁级别; 以及预测引擎控制接口，其从用户或外部系统接收用于预测引擎核心子系统的控制命令，并将接收的控制命令传递到预测引擎核心子系统。

8. 发明申请

US20120096552A1 SYSTEM FOR AN ENGINE FOR FORECASTING CYBER THREATS AND METHOD FOR FORECASTING CYBER THREATS USING THE SYSTEM 有权
标题翻译：用于预测核心威胁的发动机系统和使用系统预测核心威胁的方法
公开(公告)号：US20120096552A1
公开(公告)日：2012-04-19
申请号：US13320263
申请日：2010-06-22
申请人： Seung Hyun Paek , In Sung Park , Eun Young Lee , Joo Beom Yun , Ki Wook Sohn , Seok Jin Choi
发明人： Seung Hyun Paek , In Sung Park , Eun Young Lee , Joo Beom Yun , Ki Wook Sohn , Seok Jin Choi
IPC分类号： G06F21/00
CPC分类号： G06F21/577 , G06F21/552 , G06F2221/0775 , G06F2221/2129 , G06F2221/2145 , G06F2221/2151 , H04L63/1416
摘要： A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.
摘要翻译：提供了一种用于预测网络威胁的引擎系统，并提供了一种能够预测低级网络威胁的方法，并使用网络威胁分层结构中的低级网络威胁来预测高级网络威胁。该系统包括一个预测信息数据库，存储预测信息，包括网络威胁预测项目，与项目有关的预测进度，预测模拟信息，预测项目分层结构信息，网络威胁时间序列数据和网络威胁示例数据; 预测引擎核心子系统，使用存储在预测信息数据库中的预测信息来预测具有分级结构的网络威胁预测项目的威胁级别; 以及预测引擎控制接口，其从用户或外部系统接收用于预测引擎核心子系统的控制命令，并将接收的控制命令传递到预测引擎核心子系统。

9. 发明授权

US07716329B2 Apparatus and method for detecting anomalous traffic 有权
标题翻译：用于检测异常流量的装置和方法
公开(公告)号：US07716329B2
公开(公告)日：2010-05-11
申请号：US12103266
申请日：2008-04-15
申请人： Eun Young Lee , Seung Hyun Paek , In Sung Park , Joo Beom Yun , Ki Wook Sohn
发明人： Eun Young Lee , Seung Hyun Paek , In Sung Park , Joo Beom Yun , Ki Wook Sohn
IPC分类号： G06F13/00
CPC分类号： H04L63/1425 , H04L43/045
摘要： An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
摘要翻译：提供了一种用于检测异常流量的装置和方法。更具体地，提供了一种用于基于网络流量熵来检测异常业务的装置和方法。检测异常流量的装置包括：熵抽取模块，用于从网络流量提取熵; 用于基于所述熵产生熵图的可视化模块; 用于基于熵图更新每个网络攻击的图形模型的图形模型体验模块; 以及用于根据每个网络攻击的熵图和图形模型检测异常流量的异常流量检测模块，并将检测结果输出给用户。在装置和方法中，基于网络熵而不是基于业务量的简单统计来检测异常业务，从而可以减少用于检测异常业务的装置的误报率。

10. 发明授权

US08839440B2 Apparatus and method for forecasting security threat level of network 有权
标题翻译：用于预测网络安全威胁等级的装置和方法
公开(公告)号：US08839440B2
公开(公告)日：2014-09-16
申请号：US12103069
申请日：2008-04-15
申请人： JooBeom Yun , Seung-Hyun Paek , InSung Park , Eun Young Lee , Ki Wook Sohn
发明人： JooBeom Yun , Seung-Hyun Paek , InSung Park , Eun Young Lee , Ki Wook Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/1433 , G06F21/577
摘要： Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
摘要翻译：提供了一种用于预测网络的安全威胁级别的装置和方法。该装置包括：安全数据收集单元，用于收集从外部网络发送到被管理网络的流量数据和入侵检测数据; 用于收集从安全企业网络发送的恶意代码数据的恶意代码数据收集单元; 时间序列数据变换单元，用于将由安全数据收集单元收集的数据变换为时间序列数据; 网络流量分析单元，用于使用由所述安全数据收集单元收集的数据来分析所述被管理网络的流量分布; 以及用于使用由时间数据变换单元获得的时间序列数据，由网络流量分析单元分析的数据和由恶意代码数据收集单元收集的数据来预测托管网络的安全数据的安全预测引擎。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式