AHNLAB., Inc. Patent applications |
Patent application number | Title | Published |
20140373138 | METHOD AND APPARATUS FOR PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACK - An apparatus for preventing a distributed denial of service (DDoS) attack transmits a redirect message containing a redirect URL (Uniform Resource Locator) to a client terminal that has transmitted a request for accessing a web server, in place of the web server. The apparatus authenticates the client terminal that re-sends the request for accessing the web server as a normal client terminal, and permits the client terminal to access the web server. | 12-18-2014 |
20140101314 | METHOD AND APPARATUS FOR CONNECTING TO SERVER USING TRUSTED IP ADDRESS OF DOMAIN - An apparatus for connecting to an update server includes an update unit configured to connect to the update server over a network using a pre-stored domain name address of the update server and an IP address acquisition unit configured to acquire an IP address of the connected update server. The IP address acquired by the IP address acquisition unit is stored as a trusted IP address in a storage unit. The apparatus further includes a reconnection processing unit configured to fetch the trusted IP address of the update server and try connecting to the update server using the trusted IP address in the case of failure to connect to the update server using the pre-stored domain name address. | 04-10-2014 |
20130305373 | METHOD AND APPARATUS FOR INSPECTING NON-PORTABLE EXECUTABLE FILES - An apparatus for inspecting a non-PE file includes a data loading unit configured to load candidate malicious address information related to a malicious code of the non-PE file; and a program link unit configured to acquire normal address range information of a module being loaded on a memory when an application program adapted for the non-PE file is executed and set up a candidate malicious address corresponding to the candidate malicious address information to be a breakpoint of the application program. Further, the apparatus includes a malicious code determination unit configured to determine whether a next execution address is within the normal address range information when there occurs an event derived from the breakpoint. | 11-14-2013 |
20130305366 | APPARATUS AND METHOD FOR DETECTING MALICIOUS FILES - An apparatus for detecting a malicious file includes a program driving unit configured to output an execution address of a command executed by driving a program corresponding to a non-executable file; and an address storage unit configured to store normal address range information in accordance with the driving of the program. | 11-14-2013 |
20130283382 | SYSTEM AND METHOD FOR DETECTING MALWARE IN FILE BASED ON GENETIC MAP OF FILE - A method for detecting whether a file includes malware is performed on a device. The method includes extracting information of at least two predetermined items in the file; creating a genetic map for the file by altering the extracted information into a previously set format; comparing the created genetic map with a previously stored malware genetic map to obtain a similarity between the created genetic map and the previously stored malware genetic map; and determining that the file is a malware when the similarity is higher than a reference value. | 10-24-2013 |
20130276117 | METHOD AND APPARATUS FOR DETECTING A MALWARE IN FILES - An apparatus for detecting a malware in files includes an acquisition unit configured to obtain from a file system information about a first time point when an interested folder is created by the file system, and information about a second time point when an interested file is created in the interested folder by the file system, a candidate determination unit configured to determine whether the interested file is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point, and an inspection unit configured to perform the malware inspection on the interested file determined to be the candidate file for the malware inspection. | 10-17-2013 |
20130254893 | APPARATUS AND METHOD FOR REMOVING MALICIOUS CODE - Disclosed are an apparatus and a method for removing a malicious code. Accordingly, the present invention provides a technology of mixing a cloud computing based network detecting scheme and a conventional malicious code detecting scheme for providing a detection engine to a client terminal according to a situation based on characteristics of the client terminal, helping efficiently cope with a malicious code. | 09-26-2013 |
20130227686 | METHOD AND APPARATUS FOR BLOCKING MALICIOUS ACCESS TO PROCESS - An apparatus for blocking an external access to a browser includes an access monitor for monitoring whether a program is accessing the browser; a document-object acquisition detector for detecting whether the program detected to access the browser by the access monitor acquires a document object of the browser; and an injection blocker for blocking the access of the program to the browser when the document-object acquisition detector detects the document object acquisition by the corresponding program. | 08-29-2013 |
20130097707 | TERMINAL AND METHOD FOR TERMINAL TO DETERMINE FILE DISTRIBUTOR - Provided are a terminal and a file distributor determining method of the terminal. According to embodiments of the present invention, files pre-executed in the terminal and distributor information of the files are cached. When a new file is generated in the terminal, the new file and the cached files are compared, and distributor information of the new file is extracted so as to prevent the spread of a malicious code in advance. | 04-18-2013 |
20130014262 | MOBILE COMMUNICATION TERMINAL HAVING A BEHAVIOR-BASED MALICIOUS CODE DETECTION FUNCTION AND DETECTION METHOD THEREOF - A mobile communication terminal comprises: a system unit which performs application installation and removal, outputs an installation completion message upon completion of the application installation, and provides, upon receipt of request for authority information on the application, the requested authority information; a behavior information database in which behavior information data is stored; and an inspection unit which makes a request for the authority information to the system unit and receives the authority information, upon receipt of the installation completion message from the system unit, and which compares the authority information and the behavior information data stored in the behavior information database to examine whether the application is a malicious code or not. | 01-10-2013 |
20130003582 | NETWORK SPLITTING DEVICE, SYSTEM AND METHOD USING VIRTUAL ENVIRONMENTS - A network separation apparatus allows a user terminal, connected to an internal network, to connect to an external network. The network separation apparatus includes a packet transmission/reception unit to receive a packet generated in a virtual environment on the user terminal and transmit the packet either to the external network or the internal network. The apparatus also includes a packet analysis unit to analyze the packet received from the packet transmission/reception unit and a packet processing unit to allow the packet to be transmitted to the external network or the internal network, separately, based on an analysis result of the packet from the packet analysis unit and a preset packet processing policy. | 01-03-2013 |
20120331522 | SYSTEM AND METHOD FOR LOGICAL SEPARATION OF A SERVER BY USING CLIENT VIRTUALIZATION - A system for logically separating a server using client virtualization includes a client terminal including a virtual environment generation unit for generating a virtual environment, and a virtualized server including a local storage unit, an authentication server for performing authentication on the client terminal when a request for access to the local storage unit is received from a process executed in the virtual environment, and a virtualization filter driver for allowing or blocking the access request to the local storage unit based on the authentication result of the client terminal. The client terminal further includes a virtualization filter driver for transmitting the access request from the process executed in the virtual environment to the local storage unit, and blocking the access request from the process without being made through the virtual environment to the local storage unit. | 12-27-2012 |
20120233692 | APPARATUS AND METHOD FOR DETECTING MALICIOUS SITES - The invention relates to an apparatus for detecting malicious sites, comprising: a monitoring unit for monitoring all processes being executed in a computing apparatus; a hook code insertion unit for inserting a hook code in a process executed in a browser when the execution of the browser is detected by the monitoring unit; a danger level determining unit that, upon the detection of a website movement, uses the hook code to inspect a stack structure of a process implemented according to the website movement and determine whether or not to perform the stack structure inspection, and determines whether or not the website to which the movement has been made is a malicious site; and a database for storing a list of sites determined to be malicious. | 09-13-2012 |
20120144500 | METHOD AND APPARATUS FOR PROTECTING DATA USING A VIRTUAL ENVIRONMENT - The present invention relates to a method and apparatus for protecting data using a virtual environment, which creates a safe virtual environment that supports the execution of application programs being operated on a computer and which enables important data to be inputted or outputted only within the virtual environment, such that access to the important data is prevented in a general local environment. According to the present invention, data leakage is initially prevented to protect data, and convenience is provided in that a user may use the computer in a general manner while performing desired work. | 06-07-2012 |
20120124666 | METHOD FOR DETECTING AND PREVENTING A DDOS ATTACK USING CLOUD COMPUTING, AND SERVER - A method for detecting and preventing a Distributed Denial of Service (DDoS) attack in a cloud computing environment including a plurality of clients connected to a server, the method includes collecting, by the server, file deoxyribonucleic acid (DNA) extracted from a file currently being executed by each of the clients and traffic information about network traffic caused by the file, from each client by using an agent that is installed in the client and that monitors the file currently being executed by the client. Further, the method includes analyzing, by the server, a risk level of a DDoS attack based on whether the file DNA of the file is malicious or unidentified and based on the traffic information. Furthermore, the method includes sending a command related to whether to block the file to the client according to the analyzed risk level. | 05-17-2012 |
20120110657 | APPARATUS AND METHOD FOR HOST-BASED NETWORK SEPARATION - The invention relates to an apparatus for host-based network separation, comprising: a network separation switch which, when a process is being executed on a host computer, checks whether the network allocated to the process is an internal network or an external network in accordance with the network access authority allocated to the process, and separates the process by IPs allocated to each network; and a packet processor which blocks the access of packet data when the packet data of the process separated by IPs by the network separation switch access a network other than the network to which the relevant IP is allocated. | 05-03-2012 |
20110296526 | APPARATUS AND METHOD FOR PREEMPTIVELY PROTECTING AGAINST MALICIOUS CODE BY SELECTIVE VIRTUALIZATION - An apparatus for preemptively protecting against malicious code by selective virtualization comprises: a compulsory resource storage unit which selects and stores compulsory resources required for executing a vulnerable program having an interface with an external source in a separated space; a modified resource-generating unit which generates a new resource by modifying the content of a resource accessed by the vulnerable program in the event the vulnerable program accesses a resource other than said compulsory resources; and a resource control unit which performs an operating system-level virtualization when the vulnerable program accesses the compulsory resource, and permits the vulnerable program to access the modified resource when the vulnerable program accesses a resource other than the compulsory resource. | 12-01-2011 |
20110161364 | SYSTEM AND METHOD FOR PROVIDING A NORMAL FILE DATABASE - The present invention relates to a system for providing a normal file database, including a database server in which a normal file database constructed for different operating systems is stored, and a file providing server for searching a normal file database corresponding to operating system information on the basis of the operating system information of a terminal installed with an antivirus program through the database server, and providing the searched normal file database to a terminal through a communication network. As described above, the present invention creates a normal file database in a state where no intrusion by external sources such as viruses or malicious code has occurred, and provides the created database to a terminal through a communication network, thus improving the reliability of the normal file database. | 06-30-2011 |
20110047305 | APPARATUS AND METHOD FOR SECURING DATA OF USB DEVICES - Security for a USB device is conducted in a protection mode for USB data by hooking an import table of a USB bus class driver, identifying a target IRP, into which the USB data to be protected is inputted, during the hooking routine, and intercepting the real USB data from the IRP. Therefore, input/output data of every USB device, including a USB keyboard, can be protected in a USB bus class driver level to which a USB input/output request packet is transferred for the first time, thereby protecting the input/output data of the USB devices more safely and basically. | 02-24-2011 |