Title of invention |
WINDOWS EXECUTABLE FILE EXTRACTION METHOD BY USING HARDWARE BASED SESSION MATCHING AND PATTERN MATCHING AND APPARATUS USING THE SAME |
Abstract |
<p>PURPOSE: A Windows executable file extraction method and a device using the same are provided to analyze an executable file from packets before the packets flow into a host, thereby extracting a virus, a worm, or a Trojan horse at an early stage. CONSTITUTION: A session matching module (50) collects input packets having a payload according to a reference packet. The session matching module performs session matching based on the 5-tuple information of the reference packet. A pattern matching module (60) searches the packets from the session matching module for the MZ pattern, the PE00 pattern, and the MZ-PE00 pattern. A PE (Portable Executable) processing module (70) completes the PE file combination or deletes packets that are not a PE file.</p> |
Publication number |
KR20100066908(A) |
Publication date |
2010.06.18 |
Application number |
KR20080125415 |
Application date |
2008.12.10 |
Applicant |
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
Inventors |
KIM, BYOUNG KOO;YOON, SEUNG YONG;KIM, IK KYUN;OH, JIN TAE;JANG, JONG SOO;CHO, HYUN SOOK |
Classification numbers |
G06F21/00;G06F9/44;G06F15/00;H04L12/24 |
Main classification number |
G06F21/00 |