发明名称 |
APPARATUS AND METHOD FOR DETECTING DYNAMIC LINK LIBRARY INSERTED BY MALICIOUS CODE |
摘要 |
PROBLEM TO BE SOLVED: To provide an apparatus and method for determining whether or not a DLL inserted into a memory region of a specific process is the one developed with malicious intent. SOLUTION: The method for detecting DLL includes: a step of collecting first dynamic link library (DLL) information from an image file of a process before the process is executed; a step of collecting second DLL information loaded into a memory as the process is executed; a step of comparing the first DLL information with the second DLL information which are collected to extract information on an explicit DLL; and a step of determining whether or not the extracted explicit DLL is the DLL inserted by a malicious code. Thus, information on the DLL inserted with malicious intent may be utilized as a tool for analyzing an attacked system. COPYRIGHT: (C)2009,JPO&INPIT |
申请公布号 |
JP2009129451(A) |
申请公布日期 |
2009.06.11 |
申请号 |
JP20080294358 |
申请日期 |
2008.11.18 |
申请人 |
KOREA ELECTRONICS TELECOMMUN |
发明人 |
JANG MOON SU;KIM HONG CHUL;YUN YOUNG TAE |
分类号 |
G06F21/22;G06F21/24 |
主分类号 |
G06F21/22 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|