Patent application number | Description | Published |
20090133125 | METHOD AND APPARATUS FOR MALWARE DETECTION - The present invention relates to an apparatus and method for detecting malware. The malware detection apparatus and method of the present invention determines whether a file is malware or not by analyzing the header of an executable file. Since the malware detection apparatus and method can quickly detect presence of malware, it can shorten detection time considerably. The malware detection apparatus and method can also detect even unknown malware as well as known malware to thereby estimate and determine presence of malware. Therefore, it is possible to cope with malware in advance, protect a system with a program, and increase security level remarkably. | 05-21-2009 |
20090158431 | METHOD OF DETECTING POLYMORPHIC SHELL CODE - There is provided a method of detecting a polymorphic shell code. The decoding routine of the polymorphic shell code is detected from received data. In order for the decoding routine to access the address of an encoded code, the address of a currently executed code is stored in a stack, the value is moved in a register table, and it is determined whether the value is actually used for operating a memory. Emulation is finally performed and the degree of correctness of detection is improved. Therefore, time spent on detecting the polymorphic shell code and an overhead are reduced and the correctness of detection is increased. | 06-18-2009 |
20100146621 | METHOD OF EXTRACTING WINDOWS EXECUTABLE FILE USING HARDWARE BASED ON SESSION MATCHING AND PATTERN MATCHING AND APPARATUS USING THE SAME - A method and apparatus for extracting a Windows executable file that can search for a pattern related to Windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a Windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching. | 06-10-2010 |
20120117646 | TRANSMISSION CONTROL PROTOCOL FLOODING ATTACK PREVENTION METHOD AND APPARATUS - Disclosed herein is a Transmission Control Protocol (TCP) flooding attack prevention method. The TCP flooding attack prevention method includes identifying the type of a packet received at an intermediate stage between a client and a server; determining the direction of the packet; defining a plurality of session states based on the type and the direction of the packet; detecting a TCP flooding attack by tracking the session states for each flow; and responding to the TCP flooding attack based on the type of the TCP flooding attack. | 05-10-2012 |
20120151584 | METHOD FOR BLOCKING DENIAL-OF-SERVICE ATTACK - Disclosed herein is a method for blocking a Denial-of-Service (DoS) attack. A server extracts a plurality of suspicious packets including data, length of which is equal to or greater than a preset length, from a plurality of received packets. The server determines a packet, which includes data composed of characters or character strings identical to each other, among the plurality of suspicious packets, to be an attack packet. The server blocks a packet corresponding to the attack packet. Accordingly, the present invention can block a DoS attack based on UDP flooding. | 06-14-2012 |
20120167222 | METHOD AND APPARATUS FOR DIAGNOSING MALICIOUS FILE, AND METHOD AND APPARATUS FOR MONITORING MALICIOUS FILE - An apparatus for diagnosing malicious files includes an information transferring unit configured to receive information regarding a malicious file distributed in a management network and an execution file generated by assembling packets collected from the management network; an anti-virus engine configured to determine whether or not the execution file is malicious to generate information regarding a new malicious file; and a management unit configured to transfer the information regarding the malicious file and the information regarding the new malicious file to a terminal device on the management network through the information transferring unit. | 06-28-2012 |
20130042322 | SYSTEM AND METHOD FOR DETERMINING APPLICATION LAYER-BASED SLOW DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK - A technology for defending a Distributed Denial-of-Service (DDoS) attack is provided. A system for determining an application layer-based slow DDoS attack may include a packet collecting unit to collect a packet in a network, a packet parsing unit to extract at least one header field from the collected packet, and a DDoS attack determining unit to determine whether a DDoS attack against the packet is detected, using a session table and a flow table. | 02-14-2013 |
20130074183 | METHOD AND APPARATUS FOR DEFENDING DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACK THROUGH ABNORMALLY TERMINATED SESSION - There are provided a method and apparatus for defending a Distributed Denial-of-Service (DDoS) attack through abnormally terminated sessions. The DDoS attack defending apparatus includes: a session tracing unit configured to parse collected packets, to extract header information from the collected packets, to trace one or more abnormally terminated sessions corresponding to one of pre-defined abnormally terminated session cases, based on the header information, and then to count the number of the abnormally terminated sessions; and an attack detector configured to compare the number of the abnormally terminated sessions to a predetermined threshold value, and to determine whether a DDoS attack has occurred, according to the results of the comparison. Therefore, it is possible to significantly reduce a false-positive rate of detection of a DDoS attack and the amount of computation for detection of a DDoS attack. | 03-21-2013 |
20130263268 | METHOD FOR BLOCKING A DENIAL-OF-SERVICE ATTACK - A server receives a first echo request message which complies with an Internet control message protocol, extracts filtering information from header information of the received first echo request message, and when a second echo request message which complies with the Internet control message protocol is received, compares header information of the received second echo request message and the extracted filtering information so as to determine whether to block an attacking packet for the received second echo request message. According to the present invention, the server blocks the attacking packet using the Internet control message protocol, thereby blocking a denial-of-service attack. | 10-03-2013 |
20140024412 | UNIVERSAL SUBSCRIBER IDENTIFICATION MODULE CARD, INCLUDING SECURITY CHIP, FOR MOBILE TERMINAL AND COMMUNICATION METHOD USING THE SAME - Disclosed herein are a universal subscriber identification module card and a communication method using the same. The universal subscriber identification module card includes a Universal Subscriber Identification Module (USIM) chip, a pad, and a security chip. The USIM chip performs the user authentication of a mobile terminal. The pad electrically connects the USIM chip to the mobile terminal when the USIM chip is inserted into the mobile terminal. The security chip performs a security function for the mobile terminal independently of the USIM chip and shares the two power terminals of the pad with the USIM chip. | 01-23-2014 |
20140082690 | MOBILE COMPUTING SYSTEM FOR PROVIDING HIGH-SECURITY EXECUTION ENVIRONMENT - A mobile computing system for providing a high-security execution environment is provided. The mobile computing system separates execution environments in the same mobile device on the basis of virtualization technology and manages user-specific execution environments using the same hardware security module, thereby facilitating protection of personal privacy. | 03-20-2014 |