HARDWARE-BASED KERNEL CODE INSERTION ATTACK DETECTING DEVICE AND METHOD THEREFOR

摘要

Disclosed are a hardware-based kernel code insertion attack detecting device and a method therefor. The device detects an insertion attack, using: a trace managing unit for recognizing an indirect branch destination address by parsing a packet received from a program trace interface (PTI) of a host system; a report managing unit for receiving a report associated with an event, such as a mode change, through a trampoline; and a traffic managing unit for detecting an attempt to write on a physical code area of a memory by snooping the traffic of a bus.