主权项 |
1. A system-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in a portable terminal, comprising an SoC,
wherein the SoC includes: a hardware-based firewall configured to perform a packet-filtering operation on a packet received from the outside through a media access control (MAC) unit according to a setting of a firewall setting unit in an SoC memory, and then store the filtered packet in an application memory or transfer the filtered packet to an anti-malware engine; the hardware-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file transferred from the firewall or a file received through an input/output (I/O) interface unit and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit; the SoC memory configured to provide the setting of the firewall and support a file-decoding function for file format recognition of the anti-malware engine; and a hardware-based controller configured to control a switching operation to transfer the file filtered by the firewall directly to the application memory or to the anti-malware engine, and control a malicious code detection cycle of the anti-malware engine, wherein the SoC memory includes: the firewall setting unit configured to store setting value for packet filtering of a packet filtering unit in the firewall; a decoding module configured to perform a decoding operation for the file format recognition of the ant-malware engine; and an anti-malware module configured to perform a function of organizing the malware signature DB in the SoC when a predetermined period of time elapses, and a function of processing in parallel or periodically setting malicious code detection, and wherein the firewall setting unit, the decoding module, and the anti-malware module are updated through an over-the-air (OTA) module when firewall code or code of the anti-malware engine is changed or modified via a network. |