Abstract |
The present specification relates to an apparatus and method for hiding shellcode, which hide shellcode and a decoder in a 24-bit BMP file in an executable state, and to an apparatus and method for detecting intrusion, which infer whether a message is inserted into an image based on a steganography technique and detect hidden shellcode based on an emulation technique. To this end, the method for hiding shellcode according to the present specification comprises the steps of: loading, through a scanning module, a 24-bit BMP format image file prestored in a storage unit; checking, through the scanning module, whether any of a plurality of decoders prestored in a decoder repository can be inserted into the loaded image file; when such a decoder exists, sending, through the scanning module, information about the image file corresponding to the insertable decoder; sending, through a determining module, the image file information received from the scanning module to a hiding module; and inserting, through the hiding module, the shellcode and the decoder into the image file based on the image file information. |
Applicant |
AGENCY FOR DEFENSE DEVELOPMENT |
Inventors |
LEE, KYEONG SIK;KIM, JIN SOO;YUN, HO SANG;CHOI, HWA JAE;KUM, YOUNG JUN;KIM, HUY KANG |