Title of invention: SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE BASED ON APPLICATION PROGRAMMING INTERFACE
Abstract: A system for detecting malicious codes based on API includes: a malicious code management server storing first suspected malicious executable files extracted from traffic to be analyzed collected or inputted; and a virtualization analysis server executing the first suspected malicious executable files received from the malicious code management server, extracting first API call information called by malicious codes in user level and in kernel level, and transmitting the extracted first API call information to the malicious code management server.
Publication number: US2016212156(A1)
Publication date: 2016.07.21
Application number: US201514606278
Filing date: 2015.01.27
Applicant: KOREA INTERNET & SECURITY AGENCY
Inventors: CHOI Bo Min; KANG Hong Koo; KIM Byung Ik; HWANG Tong Wook; LEE Tai Jin; SHIN Young Sang
Classification: H04L29/06; G06F21/56
Main classification: H04L29/06
Agency:
Agent:
Main claim: 1. A system for detecting malicious codes based on API, the system comprising: a malicious code management server storing first suspected malicious executable files extracted from traffic to be analyzed collected or inputted; and a virtualization analysis server executing the first suspected malicious executable files received from the malicious code management server, extracting first API call information called by malicious codes in user level and in kernel level, and transmitting the extracted first API call information to the malicious code management server, wherein the malicious code management server has a malicious behavior analysis management module adapted to apply a previously set malicious code rule set to the first API call information received thereto to detect virtualized malicious behaviors.
Address: Seoul KR