Patent application number | Description | Published |
20080263572 | FUZZING SYSTEM AND METHOD OF DISTRIBUTED COMPUTING ENVIRONMENT (DCE) REMOTE PROCEDURE CALL (RPC) - Provided are a fuzzing system and method of a distributed computing environment (DCE) remote procedure call (RPC) object. The fuzzing system includes a file manager, a random data generator, an RPC packet creator, and a packet injector. The file manager obtains necessary information by parsing and analyzing an idl file for a target object for fuzzing and a file having information about a Named Pipe file. The random data generator generates a random value using a system clock as a factor. The RPC packet creator embodies protocols used for RPC communication by functions and generates an RPC packet for RPC communication. The packet injector inserts the necessary information and the random value into the generated RPC packet and transmits the generated RPC packet to the target object for fuzzing. | 10-23-2008 |
20080307006 | FILE MUTATION METHOD AND SYSTEM USING FILE SECTION INFORMATION AND MUTATION RULES - Provided are a file mutation method and a system using file section information and mutation rules. The file mutation system includes: a file section information extraction module obtaining file section information with respect to a sample file of a known file format; a file section information production module producing file section information with respect to a sample file of an unknown format; a mutation rule production module receiving a user input that a mutation rule is applied and producing a mutation rule, the mutation rule defining a mutation function that is to be applied to each data type; and a file mutation module receiving the sample file and producing a plurality of test case files that are created by mutating the sample file through the file section information processed in the file section information extraction module and the file section information production module and the mutation rule from the mutation rule production module. | 12-11-2008 |
20080313417 | APPARATUS AND METHOD OF DETECTING AND CONTROLLING PRIVILEGE LEVEL VIOLATION PROCESS - Provided are an apparatus and method of detecting and controlling a privilege level violation process. The apparatus monitors whether higher-privileged processes depend on information provided from lower-privileged objects or denies the higher-privileged processes access to the lower-privileged objects. The apparatus is provided in a process, and monitors whether a process accesses a lower-privileged object. The apparatus gives a warning message or denies the process access to the lower-privileged object when it detects that the higher-privileged process accesses the lower-privileged object. Therefore, the apparatus of detecting and controlling a privilege level violation process detects weaknesses that may be caused by privilege level violation, thus allowing a system to be safely operated. | 12-18-2008 |
20080313701 | SYSTEM AND METHOD FOR MANAGING NETWORK BY VALUE-BASED ESTIMATION - A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices. | 12-18-2008 |
20090055928 | METHOD AND APPARATUS FOR PROVIDING PHISHING AND PHARMING ALERTS - Provided is an Internet information security technique, and more particularly, a method for alerting a user that a connected web site is a phishing site by comparing connected web site information with normal site information. | 02-26-2009 |
20090094585 | METHOD AND APPARATUS FOR ANALYZING EXPLOIT CODE IN NONEXECUTABLE FILE USING VIRTUAL ENVIRONMENT - Provided is a method and apparatus for analyzing an exploit code included in a nonexecutable file using a target program with a vulnerability in a virtual environment. The method includes the steps of: loading a nonexecutable file including the exploit code by a target program, the target program being executed in a virtual environment and including a vulnerability; analyzing a register value of the target program and determining if the register value of the target program indicates a normal code region; storing log information on operation of the target program when the register value indicates a region other than the normal code region; and extracting and analyzing the exploit code included in the nonexecutable file based on the stored log information. In this method, the exploit code is analyzed in the virtual environment, thereby preventing damage caused by execution of the exploit code. | 04-09-2009 |
20090100517 | APPARATUS AND METHOD FOR MONITORING AND PROTECTING SYSTEM RESOURCES FROM WEB BROWSER - An apparatus and method for preventing an attempt to perform malicious activities using web browser weaknesses are provided. A file protection module monitors attempts to access at least one file resource when the web browser executes a program, and allows or denies access. A registry protection module monitors attempts to access at least one registry resource when the web browser executes a program, and allows or denies access. A process protection module monitors attempts to execute or terminate at least one process when the web browser executes a program, and allows or denies the execution or termination. | 04-16-2009 |
20090259673 | METHOD AND APPARATUS FOR EXTRACTING TEXT FROM INTERNET MAIL ATTACHMENT FILE - Provided are a method and apparatus for extracting text from an Internet mail attachment file. The apparatus includes a mail display unit for displaying Internet mail and an attachment file received from outside, an attachment file storage for storing the attachment file, a text extraction engine for extracting a text code included in the attachment file, and an attachment file text extractor for extracting text included in the attachment file using the text extraction engine. | 10-15-2009 |
20090293100 | APPARATUS AND METHOD FOR CHECKING PC SECURITY - Provided are an apparatus and method for checking Personal Computer (PC) security. The apparatus includes a check module for checking a security configuration of a PC on the basis of a check policy received from a security check server and outputting check results, and a control module for changing the security configuration of the PC on the basis of a control policy received from the security check server and the check results received from the check module. According to the apparatus, a security check agent installed in each PC performs security check and changes a security configuration according to a control policy, such that the security configurations of PCs in a network can be managed collectively. | 11-26-2009 |
20090299935 | METHOD AND APPARATUS FOR DIGITAL FORENSICS - A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file. | 12-03-2009 |
20090313699 | APPARATUS AND METHOD FOR PREVENTING ANOMALY OF APPLICATION PROGRAM - An apparatus and method for preventing an anomaly of an application program are provided. More particularly, an apparatus and method for preventing an anomaly of an application program that detect and stop an anomaly on the basis of a behavior profile for an application program are provided. The apparatus includes a behavior monitor that detects behavior of an application program in operation, an anomaly detector that determines whether the detected behavior of the application program is an anomaly on the basis of a behavior profile of the application program in operation, and an anomaly stopper that stops the behavior of the application program determined as an anomaly by the anomaly detector. Possible application program behavior is stored according to its purpose in a behavior profile and an anomaly is detected and stopped on the basis of the behavior profile, thereby decreasing a false-positive rate of anomaly detection and simultaneously solving a problem of conventional security programs being incapable of defending against attacks using the authority of a program trusted by a user. | 12-17-2009 |
20100024033 | APPARATUS AND METHOD FOR DETECTING OBFUSCATED MALICIOUS WEB PAGE - An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code. | 01-28-2010 |