KR101725670B1 - System and method for malware detection and prevention by checking a web server - Google Patents
- Publication number
- KR101725670B1 (KR1020150149004A)
- Authority
- KR
- South Korea
- Prior art keywords
- file
- code
- changed
- malicious
- signature
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/308—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
Abstract
The present invention relates to a system and method for detecting and blocking malicious code using a web server check. More particularly, it relates to a system and method that detect malicious posts on bulletin boards, extract signatures for blocking malicious code from the detected malicious code, and block malicious code using those signatures.
Description
One embodiment of the present invention relates to a system and method for processing malicious code using a web server check, and more particularly, to a technique for detecting malicious code embedded in a web page or a bulletin board and blocking access to malicious URL addresses.
Recently, malicious code has been spreading through websites, and it is downloaded and executed without the user being aware of it, which poses a serious threat. An infected user's personal computer (PC) leaks important information such as an official certificate or personal information, or becomes a bot and causes secondary damage by carrying out attacks on the attacker's behalf at the attacker's command.
Therefore, to protect users' PCs from these threats, research is actively under way to identify where malicious code is distributed. At the heart of this research is whether sites that threaten users can be detected and blocked. Until now, methods of detecting tampering with web pages and of analyzing the files reachable through a website's link structure have been studied, with sites classified as normal or abnormal based on the analysis.
Conventional techniques are largely divided into methods that detect on the web server and methods that detect in the user environment. In web-server-side detection, a specific event such as file creation or modification is detected using a callback function of the web server's operating system, forgery or falsification is detected by comparing the file with the original file (a file stored in the original database), and the file is then restored to the original. However, this method cannot be used for content that ordinary users change frequently, such as bulletin boards (it is difficult to store and manage every user-created bulletin board file in the original database), and whenever the administrator updates a web page, the original database must also be modified.
In the method of detecting in the user environment, since the web page received from the web server is checked in a separate module installed in the client, it is possible to prevent forgery and falsification in the intermediate path, but it is not effective when the web server is falsified.
SUMMARY OF THE INVENTION The present invention has been made to solve the above problems of the related art. Its object is to provide a technique that, while detecting changes on a web server, also includes bulletin boards among the inspection targets, automatically applies normal web page updates made by an administrator, and generates a blocking signature (a piece of code or a pattern carried by malicious code) to block an attacker's distribution of malicious code.
However, the objects of the present invention are not limited to those mentioned above, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.
According to an aspect of the present invention, there is provided a malicious code processing system comprising: a web server for providing a web page and a bulletin board; and an inspection server that checks whether a preset suspicious code is included in posts on the bulletin board, thereby determining whether a malicious post containing the suspicious code exists.
At this time, the malicious code may be at least one of a file received in connection with the suspicious code, a URL address connected with the suspect code, and the malicious post.
At this time, when a malicious post is found as a result of the inspection, the inspection server deletes the malicious post from the bulletin board, or deletes the malicious code included in the malicious post and thereby corrects the post.
The malicious code processing system may further include a backup file database that stores the files of the web pages on the web server as backup files. If a changed file exists on the web server, the inspection server checks the digital signature of the changed file; if the change was not made by an authorized user, it compares the backup file stored in the backup file database with the changed file to extract the changed code, determines the changed code to be malicious code and transmits it to the central signature management server, and restores the changed file using the backup file.
At this time, if the changed file is changed by the authorized user as a result of checking of the digital signature, the checking server may update the changed file to the backup file database.
In this case, the inspection server may transmit the malicious code included in the malicious post to a central signature management server. The malicious code processing system may further include: a central signature management server that stores the malicious code received from the inspection server in a malicious code database, analyzes the malicious code stored in the malicious code database to generate a signature for the malicious code, and stores the signature in a signature database; and a blocking agent that receives the signature from the central signature management server and monitors traffic of the web server to block attack packets containing the signature.
According to another aspect of the present invention, there is provided a malicious code processing system comprising: a web server for providing a web page and a bulletin board; a backup file database for storing the files of the web pages on the web server as backup files; and an inspection server that, if a changed file exists on the web server, checks the digital signature of the changed file and, if the change was not made by an authorized user, compares the backup file stored in the backup file database with the changed file to extract the changed code and restores the changed file using the backup file.
At this time, the malicious code may be at least one of a file received in association with the changed file, and a URL address linked with the changed file.
At this time, if the changed file is changed by the authorized user as a result of checking of the digital signature, the checking server may update the changed file to the backup file database.
The malicious code processing system may further include: a central signature management server that stores the malicious code received from the inspection server in a malicious code database, analyzes the malicious code stored in the malicious code database to generate a signature for the malicious code, and stores the signature in a signature database; and a blocking agent that receives the signature from the central signature management server and monitors traffic of the web server to block attack packets containing the signature.
A malicious code processing method according to an embodiment of the present invention includes the steps of: checking, by an inspection server, whether a preset suspicious code is included in a post; and, if a post including the suspicious code exists as a result of the check, determining, by the inspection server, that the post is a malicious post containing malicious code. The post is stored on the bulletin board of the web server that the inspection server inspects.
At this time, the malicious code may be at least one of a file received in connection with the suspicious code, a URL address connected with the suspect code, and the malicious post.
If the malicious post exists, the malicious code processing method may further include deleting the malicious post from the bulletin board, or deleting the malicious code included in the malicious post to correct the post.
In this case, the malicious code processing method may include: checking, by the inspection server, the digital signature of a changed file if the changed file exists on the web server; if the change was not made by an authorized user, comparing, by the inspection server, the backup file stored in the backup file database with the changed file to extract the changed code, determining the changed code to be malicious code, and transmitting it to the central signature management server; and restoring, by the inspection server, the changed file using the backup file stored in the backup file database.
The malicious code processing method may further include the step of updating the changed file in the backup file database by the inspection server if the changed file is changed by the authorized user as a result of the checking of the digital signature.
The malicious code processing method may further include: transmitting, by the inspection server, the malicious code included in the malicious post to the central signature management server if a malicious post including the suspicious code exists as a result of the inspection; analyzing, by the central signature management server, the received malicious code to generate a signature for the malicious code; and receiving, by the blocking agent, the signature from the central signature management server and monitoring traffic of the web server to block attack packets containing the signature.
According to another embodiment of the present invention, there is provided a malicious code processing method comprising the steps of: checking, by an inspection server, the digital signature of a changed file when the changed file exists on the web server; if the checking of the digital signature shows that the change was not made by an authorized user, comparing the backup file stored in the backup file database with the changed file and extracting the changed code; and restoring, by the inspection server, the changed file using the backup file stored in the backup file database.
At this time, the malicious code may be at least one of a file received in association with the changed file, and a URL address linked with the changed file.
The malicious code processing method may further include the step of updating the changed file in the backup file database by the inspection server if the changed file is changed by the authorized user as a result of the checking of the digital signature.
At this time, the malicious code processing method may include the steps of: determining, by the inspection server, that the changed code is malicious code and transmitting it to the central signature management server; analyzing, by the central signature management server, the received malicious code to generate a signature for the malicious code; and receiving, by the blocking agent, the signature from the central signature management server and monitoring traffic of the web server to block attack packets containing the signature.
The present invention broadens the inspection range beyond existing web pages by inspecting bulletin board pages, which were previously difficult to inspect; removes the inconvenience of an administrator having to manually update the backup file database when a web page is changed, by updating it automatically; and prevents malicious code from spreading by using the signature information obtained during the inspection process.
FIG. 1 is a diagram showing a schematic configuration of a malicious code processing system using a web server check according to an embodiment.
FIG. 2 is a flowchart illustrating a process of inspecting for malicious code and blocking malicious code in a system according to an embodiment.
FIG. 3 is a flowchart illustrating a process of inspecting a post by an inspection server of a system according to an exemplary embodiment of the present invention.
FIG. 4 is a flowchart illustrating a process of inspecting a web page file in an inspection server of a system according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating a process of inspecting and blocking a post in an inspection server of a system according to an exemplary embodiment of the present invention.
FIG. 6 is a flowchart illustrating a process of inspecting and blocking a web page file in the inspection server of the system according to an exemplary embodiment of the present invention.
The specific structural or functional descriptions of embodiments of the present invention disclosed herein are given only for the purpose of illustrating embodiments of the inventive concept; the embodiments may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.
Embodiments in accordance with the concepts of the present invention are capable of various modifications and may take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. However, it is not intended to limit the embodiments according to the concepts of the present invention to the specific disclosure forms, but includes changes, equivalents, or alternatives falling within the spirit and scope of the present invention.
The terms first, second, and the like may be used to describe various elements, but the elements should not be limited by these terms. The terms are used only to distinguish one element from another; for example, without departing from the scope of rights according to the concept of the present invention, a first element may be referred to as a second element, and similarly, a second element may be referred to as a first element.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Expressions that describe the relationship between components, for example, "between" and "immediately" or "directly adjacent to" should be interpreted as well.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as "comprises" or "having" are used to specify the presence of the stated features, numbers, steps, operations, elements, parts, or combinations thereof, but do not preclude the presence or addition of one or more other features, numbers, steps, operations, elements, parts, or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.
Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
Hereinafter, a malicious code processing system and method using a web server check according to an embodiment of the present invention will be described in detail with reference to FIGS. 1 to 4 attached hereto.
FIG. 1 is a diagram showing a schematic configuration of a system for processing malicious code using a web server check according to an embodiment.
Referring to FIG. 1, a malicious code processing system using a web server check includes a
The
The
The web
The web
If the digital signature of the changed file does not match the digital signature of the authorized user (that is, if the changed file is not changed by the authorized user), the web
On the other hand, if the digital signature of the changed file matches the digital signature of the authorized user (that is, if the changed file is changed by the authorized user), the web
The
The bulletin
For example, suspicious code includes the use of a hidden iframe whose width and height properties are set to a very small value such as 0 or 1 so that it is not visible to the user in the web browser, a redirection code whose destination URL is set to an address of another domain rather than a sub-address of the current domain, and the use of an automatic file download function.
If there is a malicious post including the suspicious code, the bulletin
At this time, the malicious code may be at least one of a received file related to the suspicious code, a URL address associated with the suspicious code, and a malicious post.
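The suspicious-code check on a bulletin board post can be sketched as follows. This is an added example, not code from the patent; it flags a post when any of the three conditions above is present. The names `scan_post` and `PostScanner`, the `.example` hosts, the list of download extensions, and the reading of "sub-address of the current domain" as "same host or a subdomain of it" are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Labels for the three suspicious-code criteria (names chosen for this example).
HIDDEN_IFRAME = "hidden_iframe"
OFFSITE_REDIRECT = "offsite_redirect"
AUTO_DOWNLOAD = "auto_download"

# Assumption: file types counted as an "automatic file download" when a post
# navigates to them without a user click. The patent does not list extensions.
DOWNLOAD_EXTENSIONS = (".exe", ".scr", ".msi", ".jar", ".zip")

_STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)", re.I)
_META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)
_JS_REDIRECT = re.compile(
    r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
    r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]",
    re.I,
)


def is_offsite(url, site_host):
    """True when url names a host that is neither site_host nor a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    if not host:  # relative URL: stays on the current site
        return False
    return host != site_host and not host.endswith("." + site_host)


def is_download(url):
    """True when the URL path ends in one of the assumed download extensions."""
    return urlparse(url).path.lower().endswith(DOWNLOAD_EXTENSIONS)


def _norm_dim(value):
    """Normalise '0', ' 1 ' or '1px' to a bare number string."""
    value = value.strip().lower()
    return value[:-2] if value.endswith("px") else value


class PostScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.findings = []  # list of (criterion, evidence URL)
        self._in_script = False

    def _check_navigation(self, url):
        # A redirect target is checked for both remaining criteria.
        if is_offsite(url, self.site_host):
            self.findings.append((OFFSITE_REDIRECT, url))
        if is_download(url):
            self.findings.append((AUTO_DOWNLOAD, url))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            dims = {k: _norm_dim(a.get(k, "")) for k in ("width", "height")}
            # Inline CSS fills in a dimension the attributes do not give.
            for name, value in _STYLE_DIM.findall(a.get("style", "")):
                dims[name.lower()] = dims[name.lower()] or value
            if all(dims[k] in ("0", "1") for k in dims):
                self.findings.append((HIDDEN_IFRAME, a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            match = _META_URL.search(a.get("content", ""))
            if match:
                self._check_navigation(match.group(1))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for first, second in _JS_REDIRECT.findall(data):
                self._check_navigation(first or second)


def scan_post(html, site_host):
    """Return the findings for one post; an empty list means nothing suspicious."""
    scanner = PostScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample posts (not from the patent); the board's host is site.example.
SAMPLE_POSTS = {
    "benign": '<p>Map: <iframe src="/embed/map" width="600" height="400"></iframe></p>',
    "hidden_iframe": '<iframe src="http://cdn.other.example/a.html" width="0" style="height:1px"></iframe>',
    "redirect": '<script>window.location.href = "http://landing.other.example/";</script>',
    "same_site": '<meta http-equiv="refresh" content="3; url=http://forum.site.example/new">',
    "download": '<meta http-equiv="refresh" content="0;url=/files/viewer_update.exe">',
}

if __name__ == "__main__":
    for name, body in SAMPLE_POSTS.items():
        print(name, scan_post(body, "site.example"))
```

A post with a non-empty result corresponds to the malicious post that the description says is deleted or corrected; the evidence URL is what would be reported as the malicious code.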
The central
The
The
The
The blocking
The
The blocking
Hereinafter, a malicious code processing method using the Web server check according to the present invention will be described with reference to the drawings.
FIG. 2 is a flowchart illustrating a process of inspecting for malicious code and blocking malicious code in a system according to an embodiment.
Referring to FIG. 2, the bulletin
As a result of the checking in
Meanwhile, the web
If the malicious code checking event of the web page occurs in
Thereafter, the central
If the malicious code exists in
Thereafter, the blocking
FIG. 3 is a flowchart illustrating a process of inspecting a post by an inspection server of a system according to an exemplary embodiment of the present invention.
Referring to FIG. 3, the bulletin
For example, suspicious code is present when a hidden iframe is used whose width and height properties are set to a very small value such as 0 or 1 so that it is not visible to the user in the web browser, when the destination URL of a redirection code is set to an address of another domain rather than a sub-address of the current domain, or when an automatic file download function is used.
If it is determined in
At this time, the malicious code may be at least one of a received file related to the suspicious code, a URL address associated with the suspicious code, and a malicious post.
Then, the bulletin
Then, the bulletin
FIG. 4 is a flowchart illustrating a process of inspecting a web page file in an inspection server of a system according to an embodiment of the present invention.
Referring to FIG. 4, the web
If the changed file exists in
At this time, an authorized user such as an administrator has a secret key, so that a digital signature can be generated using a secret key.
If the digital signature of the changed file does not match the digital signature of the authorized user (that is, if the changed file is not changed by the authorized user), the web
Then, the web
If the digital signature of the changed file matches the digital signature of the authorized user (that is, if the changed file is changed by the authorized user) as a result of the checking in
As shown in FIG. 2, extraction of a malicious code from a web page and extraction of a malicious code from a bulletin board may be performed at the same time, or may be separately performed as shown in FIGS. 5 and 6 below.
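The web page file check of FIG. 4 (verify the signature of a changed file, then either refresh the backup or extract the changed code and restore) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 with the administrator's secret key stands in for the digital signature, because the patent does not name a signature scheme, and the function names, the in-memory `backup_db` dictionary and the sample files are assumptions made for illustration.

```python
import difflib
import hashlib
import hmac


def sign(content, key):
    """Signature an authorized user attaches to a file (HMAC stand-in, see lead-in)."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()


def is_authorized_change(content, signature, key):
    """True only when the signature matches the changed content under the key."""
    if not signature:
        return False
    return hmac.compare_digest(sign(content, key), signature)


def extract_changed_code(backup, changed):
    """Return the lines present in the changed file but not in the backup."""
    old = backup.decode("utf-8", "replace").splitlines()
    new = changed.decode("utf-8", "replace").splitlines()
    added = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for op, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if op in ("insert", "replace"):
            added.extend(new[j1:j2])
    return added


def inspect_changed_file(path, changed, signature, backup_db, key):
    """Apply the FIG. 4 decision to one changed (or newly added) file.

    backup_db maps path -> bytes and plays the role of the backup file database.
    Returns (action, changed_code, content_to_serve).
    """
    if is_authorized_change(changed, signature, key):
        # Change made by the authorized user: update the backup file database.
        backup_db[path] = changed
        return "backup_updated", [], changed
    # Unsigned or wrongly signed change: the delta is treated as malicious code
    # (to be sent on for signature generation) and the file is restored.
    backup = backup_db.get(path)
    changed_code = extract_changed_code(backup or b"", changed)
    # A newly added file has no backup, so restoring it means removing it (None).
    return "restored", changed_code, backup


# Constructed sample data (not from the patent).
ADMIN_KEY = b"constructed-demo-key"
ORIGINAL = b"<html>\n<body>\n<h1>Notice</h1>\n</body>\n</html>\n"
TAMPERED = (
    b"<html>\n<body>\n<h1>Notice</h1>\n"
    b'<iframe src="http://cdn.other.example/a.html" width="0" height="0"></iframe>\n'
    b"</body>\n</html>\n"
)
UPDATED = b"<html>\n<body>\n<h1>Notice (revised)</h1>\n</body>\n</html>\n"
NEW_PAGE = b"<p>unsigned page</p>\n"


def demo():
    """Run three cases: tampering, a signed update, and an unsigned new file."""
    db = {"/index.html": ORIGINAL}
    results = [
        inspect_changed_file("/index.html", TAMPERED, None, db, ADMIN_KEY),
        inspect_changed_file("/index.html", UPDATED, sign(UPDATED, ADMIN_KEY), db, ADMIN_KEY),
        inspect_changed_file("/board/new.html", NEW_PAGE, "00" * 32, db, ADMIN_KEY),
    ]
    return results, db


if __name__ == "__main__":
    for action, code, _content in demo()[0]:
        print(action, code)
```

In a deployment the stand-in would be replaced by an asymmetric signature, so that the inspection server holds only the verification key and cannot itself produce an authorized change.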
FIG. 5 is a flowchart illustrating a process of inspecting and blocking a post in an inspection server of a system according to an exemplary embodiment of the present invention.
Referring to FIG. 5, the bulletin
If it is determined in
For example, suspicious code is present when a hidden iframe is used whose width and height properties are set to a very small value such as 0 or 1 so that it is not visible to the user in the web browser, when the destination URL of a redirection code is set to an address of another domain rather than a sub-address of the current domain, or when an automatic file download function is used.
If it is determined in
At this time, the malicious code may be at least one of a received file related to the suspicious code, a URL address associated with the suspicious code, and a malicious post.
Then, the bulletin
Then, the bulletin
The
Thereafter, the blocking
FIG. 6 is a flowchart illustrating a process of inspecting and blocking a web page file in the inspection server of the system according to an exemplary embodiment of the present invention.
Referring to FIG. 6, the web
At this time, the malicious code inspection event of the web page may occur at a predetermined cycle, or when a new web page file is added to the web page or a file of the existing web page is changed. In the following description, a newly added web page file or a modified web page file is described as a changed file.
If the malicious code detection event of the web page occurs in
If it is determined in
If the digital signature of the changed file does not match the digital signature of the authorized user (that is, if the changed file is not changed by the authorized user), the web
Then, the web
The
Thereafter, the blocking
On the other hand, if it is determined in
The apparatus described above may be implemented as a hardware component, a software component, and/or a combination of hardware and software components. For example, the apparatus and components described in the embodiments may be implemented using a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For ease of understanding, the processing device may be described as being used singly, but those skilled in the art will recognize that the processing device may include a plurality of processing elements. For example, the processing device may comprise a plurality of processors, or one processor and one controller. Other processing configurations are also possible, such as a parallel processor.
The software may include a computer program, code, instructions, or a combination of one or more of these, and may configure the processing device to operate as desired or command the processing device independently or collectively. The software and/or data may be embodied, permanently or temporarily, in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or transmitted signal wave. The software may be distributed over networked computer systems and stored or executed in a distributed manner. The software and data may be stored on one or more computer-readable recording media.
The method according to an embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and configured for the embodiments, or may be known and available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. For example, the techniques described may be performed in a different order than the described methods, and/or components of the described systems, structures, devices, circuits, and the like may be replaced or substituted by other components or equivalents.
Therefore, other implementations, other embodiments and equivalents to the claims are within the scope of the following claims.
110: Web server
111: File system of the Web server
120:
121: Web page management unit
122: Backup file database
123: bulletin board manager
130: Central Signature Management Server
131: Malicious code database
132: Analysis section
133: Signature database
140: Blocking agent
141: Update section
142:
Claims (21)
An inspection server for checking whether a predetermined suspicious code is included in a post of the bulletin board to check whether a malicious post including the suspicious code is present and transmitting the malicious code included in the malicious post to a central signature management server;
A central signature management server that stores the malicious code received from the inspection server in a malicious code database, analyzes the malicious code stored in the malicious code database to generate a signature for the malicious code, and stores the signature in a signature database; And
And a blocking agent that receives the signature from the central signature management server and monitors traffic of the web server to block an attack packet including the signature,
The inspection server,
Determines that the suspicious code is included when a hidden iframe is used, when the destination URL of a redirection code is set to an address of another domain rather than an address of the current domain, or when an automatic file download function is used,
The malicious code,
At least one of a file received in association with the suspect code, a URL address associated with the suspect code, and the malicious post
Malicious code processing system.
The inspection server,
If the malicious post exists, the malicious post is deleted from the bulletin board or the malicious code included in the malicious post is deleted and corrected
Malicious code processing system.
Further comprising a backup file database for storing a file of a web page included in the web server as a backup file,
The inspection server,
Checking the digital signature of the changed file if the changed file exists in the web server and comparing the backup file stored in the backup file database with the changed file if the changed file is not changed by the authorized user Extracts the changed code, judges the changed code as a malicious code, transmits the modified code to the central signature management server, and restores the changed file using the backup file
Malicious code processing system.
The inspection server,
If the changed file is a change made by the authorized user as a result of the checking of the digital signature, updating the changed file to the backup file database
Malicious code processing system.
A backup file database for storing a file of a web page included in the web server as a backup file;
Checking the digital signature of the changed file if the changed file exists in the web server and comparing the backup file stored in the backup file database with the changed file if the changed file is not changed by the authorized user Extracting the changed code, restoring the changed file using the backup file, judging the changed code as a malicious code, and transmitting it to the central signature management server;
A central signature management server that stores the malicious code received from the inspection server in a malicious code database, analyzes the malicious code stored in the malicious code database to generate a signature for the malicious code, and stores the signature in a signature database; And
And a blocking agent that receives the signature from the central signature management server and monitors traffic of the web server to block an attack packet including the signature,
The malicious code,
At least one of a file received in association with the changed file and a URL address associated with the changed file
Malicious code processing system.
The inspection server,
If the changed file is a change made by the authorized user as a result of the checking of the digital signature, updating the changed file to the backup file database
Malicious code processing system.
If a post including the suspicious code exists, the inspection server judges the post to be a malicious post including malicious code and transmits the malicious code included in the malicious post to the central signature management server;
If a malicious post including the suspicious code exists, transmitting, at the inspection server, the malicious code included in the malicious post to the central signature management server;
Analyzing, at the central signature management server, the received malicious code to generate a signature for the malicious code; and
Blocking, by a blocking agent that receives the signature from the central signature management server and monitors traffic of the web server, attack packets including the signature,
Wherein the post is stored in a bulletin board included in a web server inspected by the inspection server,
Wherein the inspecting comprises:
Judging that the suspicious code is included in the case where a hidden iframe is used, the case where the address of the URL to which redirection code connects is set to an address in a domain other than the current domain, and the case where an automatic file download function is used,
Wherein the malicious code is at least one of a file received in association with the suspicious code, a URL address associated with the suspicious code, and the malicious post
Malicious code processing method.
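The post inspection step described in the claim above, sketched as an added example that is not code from the patent: it scans one bulletin-board post for the three cases the claim names. The names `PostInspector` and `inspect_post`, the extension list used to approximate "automatic file download", and the choice to report each case as a separate indicator are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".msi", ".jar")  # assumed "file download" extensions
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]")
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class PostInspector(HTMLParser):
    """Collects (indicator, url) findings for one bulletin-board post."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self.in_script = site_host.lower(), [], False
    def check_target(self, url):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host and host != self.site_host:  # relative URLs stay on the current domain
            self.findings.append(("cross_domain_redirect", url))
        if parsed.path.lower().endswith(EXEC_EXT):
            self.findings.append(("auto_download", url))
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if ("display:none" in style or "visibility:hidden" in style
                    or "hidden" in a or "0" in (a.get("width"), a.get("height"))):
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            if m := META_URL.search(a.get("content", "")):
                self.check_target(m.group(1))
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # script-driven redirection
            for m in JS_REDIRECT.finditer(data):
                self.check_target(m.group(1))

def inspect_post(html, site_host):
    """Return the findings; a non-empty list marks the post as suspicious."""
    inspector = PostInspector(site_host)
    inspector.feed(html)
    inspector.close()
    return inspector.findings

SAMPLE_POST = (  # constructed sample post, not taken from the patent
    '<iframe src="http://cdn.other.example/a.html" width="0" height="0"></iframe>'
    '<script>window.location.href = "http://files.other.example/update.exe";</script>'
    '<meta http-equiv="refresh" content="5; url=/board/list">')
```

Calling `inspect_post(SAMPLE_POST, "board.example")` reports the hidden iframe and the script redirect, while the same-site meta refresh produces no finding.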
If the malicious post exists, deleting the malicious post from the bulletin board, or correcting the malicious post by deleting the malicious code included in it
Malicious code processing method.
Checking the digital signature of the changed file if a changed file exists on the web server;
If the changed file was not changed by the authorized user, comparing, at the inspection server, the backup file stored in the backup file database with the changed file to extract the changed code, determining the changed code to be malicious code, and transmitting it to the central signature management server; and
Restoring, at the inspection server, the changed file using the backup file stored in the backup file database
Malicious code processing method.
If checking the digital signature shows that the changed file was changed by the authorized user, updating, at the inspection server, the backup file database with the changed file
Malicious code processing method.
If checking the digital signature shows that the changed file was not changed by the authorized user, comparing the backup file stored in the backup file database with the changed file and extracting the changed code;
Restoring, at the inspection server, the changed file using the backup file stored in the backup file database;
Determining that the changed code is malicious code and transmitting the changed code to a central signature management server;
Analyzing, at the central signature management server, the received malicious code to generate a signature for the malicious code; and
Blocking, by a blocking agent that receives the signature from the central signature management server and monitors the traffic of the web server, attack packets including the signature,
Wherein the malicious code is at least one of a file received in association with the changed file and a URL address associated with the changed file
Malicious code processing method.
If checking the digital signature shows that the changed file was changed by the authorized user, updating, at the inspection server, the backup file database with the changed file
Malicious code processing method.
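The changed-file handling claimed above, as an added example that is not code from the patent: an authorized change updates the backup, while an unauthorized one is diffed against the backup, reported, and restored. The function names, the in-memory dictionaries standing in for the web server and backup file database, and the use of HMAC-SHA256 as a stand-in for the digital signature are assumptions.

```python
import difflib
import hashlib
import hmac

def sign(content, key):
    """Stand-in for the digital signature: HMAC-SHA256 under the authorized user's key."""
    return hmac.new(key, content.encode(), hashlib.sha256).hexdigest()

def changed_code(backup, current):
    """Lines that are in the changed file but not in the backup file."""
    diff = difflib.ndiff(backup.splitlines(), current.splitlines())
    return [line[2:] for line in diff if line.startswith("+ ")]

def inspect_file(path, webroot, backups, signatures, key, outbox):
    """webroot and backups map path -> text; signatures maps path -> signature
    supplied with an authorized change; outbox collects reports for the
    central signature management server."""
    current, backup = webroot[path], backups[path]
    if current == backup:
        return "unchanged"
    if hmac.compare_digest(signatures.get(path, ""), sign(current, key)):
        backups[path] = current          # authorized change: update the backup database
        return "backup_updated"
    outbox.append({"path": path, "changed_code": changed_code(backup, current)})
    webroot[path] = backup               # restore the changed file from the backup
    return "restored"

KEY = b"constructed-demo-key"            # constructed sample values below
BACKUP = "<html>\n<body>\n<h1>Welcome</h1>\n</body>\n</html>"
INJECTED = '<iframe src="http://other.example/x" width="0"></iframe>'
TAMPERED = BACKUP.replace("</body>", INJECTED + "\n</body>")

if __name__ == "__main__":
    web, bak, out = {"index.html": TAMPERED}, {"index.html": BACKUP}, []
    print(inspect_file("index.html", web, bak, {}, KEY, out), out)
```

The extracted lines in `outbox` are what the central signature management server would analyze to derive a blocking signature.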
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150149004A KR101725670B1 (en) | 2015-10-26 | 2015-10-26 | System and method for malware detection and prevention by checking a web server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150149004A KR101725670B1 (en) | 2015-10-26 | 2015-10-26 | System and method for malware detection and prevention by checking a web server |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101725670B1 (en) | 2017-04-26 |
Family ID: 58704860
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150149004A KR101725670B1 (en) | 2015-10-26 | 2015-10-26 | System and method for malware detection and prevention by checking a web server |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101725670B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102367545B1 (en) * | 2021-05-07 | 2022-02-25 | (주) 코아맥스테크놀로지 | Method and system for preventing network pharming |
KR102495371B1 (en) * | 2022-05-13 | 2023-02-06 | 프라이빗테크놀로지 주식회사 | System for controlling data flow based on application test and method thereof |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070220068A1 (en) | 2006-02-15 | 2007-09-20 | Bruce Thompson | Electronic document and business process control |
2015-10-26: KR KR1020150149004A, patent KR101725670B1 (en), active IP Right Grant
Similar Documents
Publication | Title |
---|---|
CN107659583B (en) | Method and system for detecting attack in fact |
US11165820B2 (en) | Web injection protection method and system |
US8621624B2 (en) | Apparatus and method for preventing anomaly of application program |
US8572750B2 (en) | Web application exploit mitigation in an information technology environment |
US9954889B2 (en) | Method and system for malicious code detection |
US20160065600A1 (en) | Apparatus and method for automatically detecting malicious link |
US20140053267A1 (en) | Method for identifying malicious executables |
US9323925B2 (en) | Method and system for prevention of windowless screen capture |
CN103856471B (en) | cross-site scripting attack monitoring system and method |
US20110252476A1 (en) | Early detection of potential malware |
KR101080953B1 (en) | System and method for detecting and protecting webshell in real-time |
US10230757B2 (en) | Method and system for handling malware |
US10033761B2 (en) | System and method for monitoring falsification of content after detection of unauthorized access |
KR20070049514A (en) | Malignant code monitor system and monitoring method using thereof |
KR100912794B1 (en) | Web hacking management system and manegement method thereof for real time web server hacking analysis and homepage hacking search |
WO2012103646A1 (en) | Determining the vulnerability of computer software applications to privilege-escalation attacks |
WO2016121348A1 (en) | Anti-malware device, anti-malware system, anti-malware method, and recording medium in which anti-malware program is stored |
US10412101B2 (en) | Detection device, detection method, and detection program |
JP5656266B2 (en) | Blacklist extraction apparatus, extraction method and extraction program |
US20170104776A1 (en) | System for analyzing and maintaining data security in backup data and method thereof |
KR100745639B1 (en) | Method for protecting file system and registry and apparatus thereof |
KR101725670B1 (en) | System and method for malware detection and prevention by checking a web server |
KR101372906B1 (en) | Method and system to prevent malware code |
US10880316B2 (en) | Method and system for determining initial execution of an attack |
Ceponis et al. | Evaluation of open source server-side XSS protection solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GRNT | Written decision to grant |