System-on-chip malicious code detection apparatus and application-specific integrated circuit for a mobile device

摘要

System-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in portable terminal is provided. Apparatus includes SoC including hardware-based firewall packet-filtering packet received from outside through media access control unit according to setting of firewall setting unit in SoC memory and storing filtered packet in application memory or transferring filtered packet to anti-malware engine, hardware-based anti-malware engine detecting malicious code by performing pattern-matching operation between code pattern in file transferred from firewall or file received through input/output (I/O) interface unit and pattern of malicious code registered in malware signature database (DB) of mobile device application unit, SoC memory providing setting of firewall and support file decoding function for file format recognition of anti-malware engine, and hardware-based controller controlling switching operation to transfer file filtered by firewall directly to application memory or to anti-malware engine and control malicious code detection cycle of anti-malware engine.

主权项

1. A system-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in a portable terminal, comprising an SoC,
wherein the SoC includes: a hardware-based firewall configured to perform a packet-filtering operation on a packet received from the outside through a media access control (MAC) unit according to a setting of a firewall setting unit in an SoC memory, and then store the filtered packet in an application memory or transfer the filtered packet to an anti-malware engine; the hardware-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file transferred from the firewall or a file received through an input/output (I/O) interface unit and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit; the SoC memory configured to provide the setting of the firewall and support a file-decoding function for file format recognition of the anti-malware engine; and a hardware-based controller configured to control a switching operation to transfer the file filtered by the firewall directly to the application memory or to the anti-malware engine, and control a malicious code detection cycle of the anti-malware engine, wherein the SoC memory includes: the firewall setting unit configured to store setting value for packet filtering of a packet filtering unit in the firewall; a decoding module configured to perform a decoding operation for the file format recognition of the ant-malware engine; and an anti-malware module configured to perform a function of organizing the malware signature DB in the SoC when a predetermined period of time elapses, and a function of processing in parallel or periodically setting malicious code detection, and wherein the firewall setting unit, the decoding module, and the anti-malware module are updated through an over-the-air (OTA) module when firewall code or code of the anti-malware engine is changed or modified via a network.