Title of Invention |
APPARATUS, SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE |
Abstract |
Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
|
Application Publication Number |
US2011271343(A1) |
Application Publication Date |
2011.11.03 |
Application Number |
US20110985252 |
Filing Date |
2011.01.05 |
Applicant |
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
Inventors |
KIM YO SIK;NOH SANG KYUN;CHUNG YOON JUNG;KIM DONG SOO;KIM WON HO;HAN YU JUNG;YUN YOUNG TAE;SOHN KI WOOK;LEE CHEOL WON |
Classification Number |
G06F21/00 |
Main Classification Number |
G06F21/00 |
Patent Agency |
|
Patent Agent |
|
Main Claim |
|
Address |
|