| 摘要 |
PURPOSE: Apparatus and a method for detecting a homepage compromised by a malicious code are provided to determine the compromised status of a homepage by downloading a web source of the homepage without accessing the homepage for detection. CONSTITUTION: A database (620) stores vulnerability class ID tag values, normal file header values, abnormal iframe tags, image tag size patterns, and malicious shell codes. A class ID tag search part (632) searches a web source for a class ID tag, and a file header value search part (638) searches the web source for a file header value. An iframe and image tag search part (634) searches the web source for an iframe tag or an image tag. A malicious shell code search part (636) searches the web source for a malicious shell code and determines whether a homepage is compromised by a malicious code. [Reference numerals] (612) Web source download part; (614) File download part; (620) Database; (632) Class ID tag search part; (634) Iframe and image tag search part; (636) Malicious shell code search part; (638) File header value search part; (642) First comparison part; (644) Second comparison part; (646) Third comparison part; (650) Quantification part; (AA) Homepage; (BB,EE) Web source; (CC) Class id tag; (DD,GG,LL,NN) Malicious code-compromised Y/N; (FF) My frame tag, image tag; (HH) File; (II) Chance of being compromised by a malicious code; (JJ) Malicious shell code; (KK) File header value; (MM) Vulnerable point class id tag value; (OO) Abnormal iframe and image tag size pattern; (PP) Normal file header value
|
