SYSTEM FOR DETECTING HOST FILE OF MALICIOUS EXECUTABLE CODE AND METHOD THEREFOR

Title:

SYSTEM FOR DETECTING HOST FILE OF MALICIOUS EXECUTABLE CODE AND METHOD THEREFOR

Document Type and Number:

WIPO Patent Application WO/2014/119869

Kind Code:

A1

Abstract:

The present invention relates to a system for detecting a host file of a malicious executable code executed before the execution of an antivirus program by reversely tracking the execution path of the malicious code in a computer system, and a method therefor. According to the present invention, a system for detecting a host file of a malicious executable code includes: a log collection part for recording as a log the execution process identifier, work kind, and file identifier from the input/output of the file filtered by a file system filter driver; a log classification part for storing the identifier associated with the work kind of the collected log according to the execution process identifier in a process information storage, and the work kind performed according to the file identifier in a file information storage; a process file association part for generating a process file association structure by connecting the execution process identifier and the file identifier associated with each other by a link based on the information stored in the process information storage and the file information storage, generating a file node in the link, and recording the work kind performed by the execution process identifier to the file identifier in the file node; and a log check part for reversely tracking all the processes and files associated with an arbitrary process based on the process file association structure generated by the process file association part.

More Like This:

JP2004032523	NETWORK SECURITY METHOD AND APPARATUS
JP6629978	Unmanned aerial vehicle intrusion detection and countermeasures
JP2023136182	IMAGE PROCESSING DEVICE AND IMAGE PROCESSING METHOD

Inventors:

KO BO SEUNG (KR)

Application Number:

PCT/KR2014/000625

Publication Date:

August 07, 2014

Filing Date:

January 22, 2014

Export Citation:

Click for automatic bibliography generation Help

Assignee:

INCA INTERNET CO LTD (KR)

International Classes:

G06F21/55

Foreign References:

JPH11282673A	1999-10-15
KR101013419B1	2011-02-14
KR20120071863A	2012-07-03

Attorney, Agent or Firm:

SEAH PARTNERS PATENT & LAW FIRM (KR)
특허법인 세아 (KR)

Download PDF:

View/Download PDF PDF Help

Previous Patent: METHOD FOR MANUFACTURING METAL NANOPARTICLES FOR SOLAR CELL, INK COMPOSITION COMPRISING METAL NANOPA...

Next Patent: FISCHER-TROPSCH SYNTHESIS CATALYST COMPRISING COO PHASE PARTICLES AND METHOD FOR PREPARING LIQUID HY...