KR20160112744A - document security system and security method - Google Patents

Info

Publication number
KR20160112744A
Authority
KR
South Korea
Prior art keywords
vulnerability
document
file
format
document file
Prior art date
Application number
KR1020150038994A
Other languages
Korean (ko)
Other versions
KR101670456B1 (en)
Inventor
배환국
강홍석
백종덕
Original Assignee
소프트캠프(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 소프트캠프(주)
Priority to KR1020150038994A
Publication of KR20160112744A
Application granted
Publication of KR101670456B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention relates to a document security system and method. The document security system according to the present invention comprises: a document vulnerability determination means for determining whether a document file is abnormal; a vulnerability knowledge base configured to separately classify and store the vulnerability analysis data obtained by the document vulnerability determination means if the document file is determined to be abnormal; and a vulnerability analysis module for generating result report data on the vulnerability of the document file by comparing the vulnerability analysis data that has passed through the document vulnerability determination means with the vulnerability analysis data already accumulated in the vulnerability knowledge base and analyzing it. Accordingly, the error vulnerabilities of unknown document files, such as zero-days, can be systematized by type so that a target document file can be analyzed in real time and a result derived.

Description

Document security system and security method

The present invention relates to a document security system and a document security method, and more particularly, to a document security system and a document security method capable of detecting and analyzing an error vulnerability of a document file regardless of whether the document file is executed.

Document files are handled on devices such as computers and mobile terminals (hereinafter referred to as "terminals") that operate and manage data including various document files, and they move between such terminals not only over communication networks such as the Internet, which mediate communication between them, but also through portable storage media such as USB memory, CD/DVD, and the like.

Meanwhile, malicious codes such as viruses, spyware, adware, and hacking tools that harm computer systems may be included in the document files.

Document files containing such malicious code are handled by conventional antivirus software ("vaccines").

On the other hand, an example of a security system is disclosed in Korean Patent Publication No. 10-2010-0067383 (registered on June 21, 2010, hereinafter referred to as "Patent Document 1").

However, because such antivirus software is signature-based, it applies security processing to a document file based on the malicious code itself or on information (for example, hash information) about the document file that contains the malicious code. As a result, security processing may not be performed on document files that have vulnerabilities.

For example, a vulnerability may not be exposed until the document file is directly opened and executed, and when the vulnerability lies in the document file itself, turning it into a pattern becomes even more difficult. The system may therefore be contaminated or easily exposed to attack from outside.

Korean Patent Publication No. 10-2010-0067383 (registered on June 21, 2010)

An object of the present invention is to provide a document security system and a document security method capable of systematically organizing, by type, the error vulnerabilities of unknown document files such as zero-days, and of analyzing a target document file in real time.

Another object is to provide a document security system and a document security method that can prevent risk to the system by determining in advance whether a document file arriving from outside, or already present on a user PC, USB device, or file server, contains a vulnerability.

The present invention also provides a document security system and a document security method that can detect document files having error vulnerabilities that antivirus software cannot catch, without requiring a separate pattern DB for malicious code.

In order to achieve the above object, a document security method according to the present invention includes: a document vulnerability determination step of determining whether a document file is abnormal; a vulnerability knowledge base construction step of separately classifying and storing the vulnerability analysis data generated through the document vulnerability determination step when the document file is determined to be abnormal in that step; and a vulnerability analysis and result derivation step of comparing the vulnerability analysis data obtained through the document vulnerability determination step with the vulnerability analysis data accumulated through the vulnerability knowledge base construction step, analyzing it, and generating result report data on the vulnerability of the document file.

Here, it is preferable that the document security method according to the present invention further includes a format validation step of verifying the format of the document file before the document vulnerability determination step.

The document security method according to the present invention may further comprise a file conversion step of converting the file format of the document file into at least one other file format between the format verification step and the document vulnerability determination step.

According to another aspect of the present invention, there is provided a document security system comprising: document vulnerability determination means for determining whether a document file is abnormal; a vulnerability knowledge base for separately classifying and storing the vulnerability analysis data obtained by the document vulnerability determination means if the document file is determined to be abnormal; and a vulnerability analysis module that compares the vulnerability analysis data obtained through the document vulnerability determination means with the vulnerability analysis data accumulated in advance in the vulnerability knowledge base to generate result report data on the vulnerability of the document file.

It is preferable that the document security system according to the present invention further includes file analysis means provided in the terminal and including a format verification module for verifying the format of the document file.

The file analysis means may include at least one file conversion module for converting the file format of a document file whose format has been verified by the format verification module into a different file format.

According to the present invention, it is possible to provide a document security system and a document security method capable of systematically organizing, by type, the error vulnerabilities of unknown document files such as zero-days, and of analyzing a target document file in real time.

In addition, by building a knowledge base through file analysis based on known vulnerability files and continuously updating it, the range of protection, which conventional antivirus software limits to known malicious code and document files, can be extended to document files having error vulnerabilities that such software cannot catch, and vulnerable documents can be predicted among newly introduced or unstable document files.

Moreover, because no separate pattern DB for malicious code is required, it is possible to determine whether a document file has an error vulnerability that antivirus software cannot catch.

In addition, vulnerable files identified through file analysis and conversion can be given security processing such as quarantine or deletion.

Furthermore, the risk of the system can be prevented in advance by judging in advance whether the vulnerability is included in the document file that is infiltrated from the outside via USB, e-mail, Internet,

FIG. 1 is a block diagram of a document security system according to the present invention.
FIG. 2 is a block diagram illustrating another embodiment of FIG. 1.
FIG. 3 is a flowchart of a document security method according to the present invention.
FIG. 4 is a flowchart showing detailed steps of the format verification step of FIG. 3.
FIG. 5 is a flowchart showing still another embodiment of FIG. 3.
FIG. 6 is a diagram showing an example of the basic format structure of a general document file.
FIG. 7 is a diagram showing an example of the format structure of a document file having an extension of .hwp or .doc.
FIG. 8 is a diagram illustrating an example of comparing the original size of the compressed data recorded in a data header with the decompressed size of the target data in the document body structure of FIG. 6 or FIG. 7.
FIG. 9 is a diagram showing an example of the format structure of an image document file having an extension of .JPEG.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

As shown in FIG. 1, a document security system according to the present invention includes file analysis means 110, provided in a terminal 100 to which document files 1, 5 are downloaded and including a format verification module (format verifier) 111 that verifies the format of a document file 1, 5, whether downloaded or stored in advance, before it is downloaded to the terminal 100 or run (opened) on the terminal 100; and document vulnerability determination means 120, provided in the terminal 100 in the same manner as the file analysis means 110 and connected to it, which determines whether the document file 1, 5 is abnormal according to the result of the file analysis performed by the file analysis means 110.

Document files 1, 5 downloaded to the terminal 100 from outside are stored in the drive 101 of the terminal 100 via data inflow means 10, such as a removable storage medium (an external hard disk, USB memory, CD/DVD, smartphone, etc.) or a network.

A document file 1, 5 downloaded to the drive 101 via the data inflow means 10, or stored in advance in the drive 101, is verified and analyzed by the format verification module 111. The format verification module 111 verifies whether the document file is a normal document file 1 that contains no vulnerability or a vulnerability document file 5 that contains a vulnerability in the form of an abnormal file structure. If the document file is a vulnerability document file 5, the module transmits verification data such as the location, details and cause of the vulnerability in the document file to the document vulnerability determination means 120.

That is, the format verification module 111 checks, according to the data structure of the document file being verified, whether the document file contains an abnormal data structure, and determines whether the data structure of content hidden inside the document file is abnormal.

Accordingly, because no separate pattern DB for malicious code is required, it is possible to determine whether a document file has an error vulnerability, such as a zero-day, that antivirus software cannot catch.

As shown in FIG. 1, the format verification module 111 according to the present invention includes a reference format information DB 113 that stores and updates information such as the already known reference format structure and reference detailed data structure for each extension (for example, hwp, doc, ppt, pdf, txt, bmp, gif).

As shown in FIG. 4, the format verification module 111 first compares the format structure for the extension of the document file with the reference format structure stored in the reference format information DB 113. When the document file and its extension (for example, hwp) match, it then compares the detailed data structure of the document file's extension-specific format with the reference detailed data structure stored in the reference format information DB 113. Use (opening, sharing, storing, and the like) of the document file is approved by the document vulnerability determination means 120 only when no abnormality is ultimately found; if there is an error in the document file, measures such as log transfer, isolation or deletion (security processing) can be taken on the document file according to the security policy.

The reference format structure and the reference detailed data structure for each extension, stored and updated in the reference format information DB 113 as file information for known vulnerabilities, are already publicly known and can be obtained from the published websites shown in Table 1.

| Extension name | Website address |
| --- | --- |
| DOC | http://msdn.microsoft.com/en-us/library/office/cc313153(v=office.12).aspx |
| JPEG | http://www.opennet.ru/docs/formats/jpeg.txt |
| HWP | http://www.hancom.com/forMatQna.boardIntro.do |

<Table 1: Source of format structure data by extension - example>

An example in which the format verification module 111 verifies the format of a document file is shown in Table 2 below.

| File name | Extension | Extension format | Format validation | Error location | Detail |
| --- | --- | --- | --- | --- | --- |
| ***.jpeg | JPEG | Same | Not valid | COM FIELD LENGTH | COM FIELD must be a positive value. Not a positive number |

As shown in Table 2, the format verification module 111 first checks whether the file name and the extension of the document file agree and checks the basic format structure for that extension (primary verification), and then compares the detailed data structure for the extension with the reference detailed data structure (secondary analysis). In the case of Table 2, the file name of the document file agrees with its extension 'JPEG', so the first verification step is passed. However, its detailed data structure does not conform to the reference detailed data structure for that extension (obtained from the JPEG format structure data source; see Table 1), so the document file is classified by the format verification module 111 as a vulnerability document file 5.

That is, the format verification module 111 determines whether the document file has an abnormal data structure based on the reference information for the extension-specific file format structure.

For example, each field (FIELD) in an extension-specific format has a valid range. If the format verification module 111 confirms in the second analysis step that the document file holds a value outside that range, the file may cause a problem such as a buffer overflow while it is being executed, so the format verification module 111 classifies the document file as a vulnerability document file 5 and transmits the result to the document vulnerability determination means 120.

More specifically, when the document file has a file format such as HWP or MS-OFFICE, the format verification module 111 checks whether the data size recorded in the header of the document file and the actual data size are the same, whether the actual data size is too large or negative (-), and, for compressed data, whether the compression ratio is too high compared with the normal case (an excessive compression ratio can lead to a stack overflow), and transmits the result to the document vulnerability determination means 120, which judges the possibility of malicious code. If, for example, the document file has a JPEG file format, the format verification module 111 checks whether the COM FIELD value of the document file is negative (according to the reference data structure, the COM FIELD value is always positive) or whether the DHT FIELD value exceeds 256 (according to the reference data structure, the DHT FIELD value should be less than or equal to 256); in either case the document file is classified as a vulnerability document file 5 that can cause a buffer overflow, and the result is transmitted to the document vulnerability determination means 120.

As shown in FIGS. 1 and 2, the file analysis means 110 may further include at least one file conversion module (file converter) 115 for converting the file format of a document file 1, 5 whose format has been verified by the format verification module 111 into another file format.

The file conversion module 115 determines whether conversion succeeds or fails in the process of converting the document file 1, 5 from its extension into another extension and, on failure, the reason (for example, an error code type). A document file that fails conversion is judged to be a vulnerability document file 5, and the result data is transmitted to the document vulnerability determination means 120 so that the file can be security-processed.

As shown in FIG. 2, a plurality of file conversion modules according to the present invention may be provided in the file analysis means 110, in parallel or in series.

For example, the file conversion module 115 may convert a DOC document file into a format such as DOCX, HWP, XML, or TXT, and inform the document vulnerability determination means 120 of the resulting judgment.

As shown in FIG. 2, the file conversion module includes a file conversion module A 115a for converting a document file having the extension DOC to the extension DOCX, a file conversion module B 115b for converting the document file having the extension DOC to the extension HWP, and a file conversion module C 115c for converting the file to the extension XML, and may further include a file conversion module D for converting to the extension HTML and a file conversion module E for converting to the extension PDF.

When conversion of the document file 1, 5 fails in the file conversion process performed by the file conversion module 115, the file conversion module 115 converts the form of the error into a code value and transmits it to the document vulnerability determination means 120. If data conversion fails during file conversion, the location where the error occurred (e.g., a table or a figure) can also be passed to the document vulnerability determination means 120.

| Error code | Error contents | Where the error occurred |
| --- | --- | --- |
| 5 | Access Denied | - |
| 9 | Address Error | - |
| 13 | Data Error | Table |

<Example of error result data in case of conversion failure>

Meanwhile, alongside the document vulnerability determination means 120 there are provided an execution program 130 that allows the document file to be used (executed, shared, stored and held) when the document file is a normal document file 1, and security processing means 140 that subjects the document file to log transfer, isolation, destruction or deletion according to the security policy when the document file is a vulnerability document file 5.

The execution program 130 may include, for example, software and applications such as a word processor, Korean, and Acrobat, and various other types of application programs and OS programs.

The security processing means 140 may include a storage path control module for setting a dedicated storage path according to the data inflow means 10 when the vulnerability document file 5 is isolated, and an isolation space management module for creating, deleting, and managing the isolation space for the vulnerability document file 5 on a disk or a removable storage medium.

Accordingly, as shown in FIGS. 3 and 5, a vulnerability document file 5 found to be vulnerable through file analysis and conversion is subjected to security processing such as quarantine or deletion by the security processing means 140, so that a secure document sharing environment can be supported.

As shown in FIGS. 1 and 2, the document security system according to the present invention further includes a vulnerability knowledge base 150 configured to separately classify and store the vulnerability analysis data obtained by the file analysis means 110 and the document vulnerability determination means 120 when the document file 1, 5 is determined to be abnormal by the document vulnerability determination means 120, and a vulnerability analysis module 160 that compares the vulnerability analysis data passed through the document vulnerability determination means 120 with the vulnerability analysis data accumulated in advance in the vulnerability knowledge base 150, analyzes it, and generates result report data on the vulnerability of the document file.

Meanwhile, the vulnerability analysis data stored and updated in the vulnerability knowledge base 150 may include an error type (for example, classified in the form of a code) of the vulnerability document file 5, an error location, and an influx source.

For example, the vulnerability analysis module 160 compares the vulnerability analysis data passed through the document vulnerability determination means 120 with the vulnerability analysis data stored in the vulnerability knowledge base 150 and outputs, in the form of a report, the expected vulnerability information (type of vulnerability, content, name, etc.) based on the vulnerability link information and the results of format verification and file conversion. If the vulnerability knowledge base 150 holds no record similar to the vulnerability analysis data passed through the document vulnerability determination means 120, the vulnerability analysis module 160 may treat that data as vulnerability data and update the database of the vulnerability knowledge base 150 through analysis.

Accordingly, the file format verification and file conversion results based on known vulnerability files are turned into a database in the vulnerability knowledge base 150, so that whether a document file arriving from outside, or an unknown file already inside, contains a vulnerability can be determined in advance and risk to the system prevented.

In addition, by constructing the vulnerability knowledge base 150 through file analysis based on known vulnerability files and continuously updating it, it is possible to prevent any vulnerability or the like.

If the document file is a vulnerability document file 5, the vulnerability analysis module 160 may reuse the vulnerability analysis data passed through the document vulnerability determination means 120 so that a result report for that data is generated and output.

The document security method according to the present invention will now be described with reference to FIGS. 3 to 5.

First, when a document file is downloaded to the terminal 100, when a document file 1, 5 stored in advance in the terminal 100 is executed, or when a check is run by the user or administrator, the format verification module 111 verifies the format of the document file 1, 5 (S100).

In one embodiment of the present invention, step S100 includes a format structure checking step (S110) of checking the format structure for the extension of the document file 1, 5 against the reference format structure, and a detailed data structure analysis step (S120) of comparing the detailed data structure for the extension of a document file that has passed the format structure checking step (S110) with the reference detailed data structure and analyzing it.

For reference, when the document file is in a format such as HWP or MS-OFFICE, as shown in FIG. 6, almost all data files other than special-purpose ones record the data size inside the file, and the application program reads the data into memory based on that size and uses it according to the program's purpose. Such a data structure makes efficient use of the data, but if the file header is damaged there is a possibility of data loss or malfunction, so the integrity of the header and the data size need to be verified. When this verification is not performed properly, the result is a security vulnerability, which also becomes a target of malicious code attacks. The format verification step S100 according to the present invention therefore verifies the integrity and the data size of the header of the document file.

FIG. 7 is a diagram showing an example of the format structure of a document file having an extension of .hwp or .doc. FIG. 8 shows, for the document body structure of FIG. 6 or FIG. 7, an example of the original size of the compressed data recorded in the data header (see FIG. 8(a)) and an example of comparing the decompressed data size with the target data (see FIG. 8(b)).

Referring to FIG. 8, in order to increase the capacity of the document data, most document files contain compressed data internally (right part of FIG. 8(a)), with the original size of that data recorded alongside it (left part of FIG. 8(a)), and the compressed data can be decompressed and edited in memory when the document is executed.

Generally, when meaningful data is compressed, the maximum ratio achieved by a lossless compression algorithm cannot exceed 512 times. Therefore, if the data compression ratio of the document file exceeds 512, the format verification module 111 according to the present invention can regard it as a vulnerability document file 5 containing an error vulnerability that may enable a malicious buffer overflow attack (see FIG. 8(b)). That is, the format verification module 111 calculates the data compression ratio by dividing the original data size recorded in the header of the document file by the size of the compressed data in the target data, and if the compression ratio is 512 or more, the file can be regarded as a vulnerability document file 5.

In this case, the maximum compression ratio 512 of the data is an example, and it is needless to say that the maximum compression ratio of the data can be changed and adjusted according to the basic data structure of the extension-specific format.
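The header-size and compression-ratio checks described above, as an added example (not code from the patent): the record layout, `make_record` and `check_record` are assumptions constructed for illustration, not the HWP or DOC format, and zlib stands in for the document's compressor. Decompression is bounded so that an oversized stream is never fully inflated while it is being checked.

```python
import struct
import zlib

MAX_RATIO = 512  # example threshold from the text; adjustable per format


def make_record(payload, declared=None):
    """Build a constructed record: <i declared size><I compressed size><zlib data>.

    This layout is an assumption for illustration, not the HWP or DOC format.
    """
    comp = zlib.compress(payload, 9)
    if declared is None:
        declared = len(payload)
    return struct.pack("<iI", declared, len(comp)) + comp


def check_record(record, max_ratio=MAX_RATIO):
    """Return a list of finding codes; an empty list means no abnormality."""
    if len(record) < 8:
        return ["TRUNCATED"]
    declared, comp_len = struct.unpack_from("<iI", record, 0)
    comp = record[8:8 + comp_len]
    if comp_len == 0 or len(comp) != comp_len:
        return ["TRUNCATED"]

    findings = []
    if declared < 0:
        findings.append("NEGATIVE_SIZE")
    elif declared / comp_len >= max_ratio:
        findings.append("RATIO_DECLARED")

    # The header can lie, so measure the real size as well, but never inflate
    # more than max_ratio times the compressed size.
    limit = comp_len * max_ratio
    inflater = zlib.decompressobj()
    try:
        out = inflater.decompress(comp, limit)
    except zlib.error:
        return findings + ["BAD_STREAM"]
    if len(out) >= limit:
        findings.append("RATIO_ACTUAL")
    elif not inflater.eof:
        findings.append("BAD_STREAM")  # stream ended before its end marker
    elif declared >= 0 and len(out) != declared:
        findings.append("SIZE_MISMATCH")
    return findings


# Constructed samples.
TEXT = b"document body text " * 50
ZEROS = bytes(1_000_000)
SAMPLES = {
    "normal": make_record(TEXT),
    "negative size": make_record(TEXT, declared=-1),
    "size mismatch": make_record(TEXT, declared=len(TEXT) + 1),
    "honest bomb": make_record(ZEROS),
    "lying bomb": make_record(ZEROS, declared=1000),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name:14s} {check_record(rec) or 'normal document file'}")
```

The "lying bomb" sample passes the header-only ratio test and is caught only by the bounded decompression, which is why the declared size has to be compared with the actual size as well.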

FIG. 9 is a diagram showing an example of the format structure of an image document file having an extension of .JPEG.

Referring to FIG. 9, in a normal image document file 1 the data length of the DHT should be 256 or less; if a value exceeding 256 is entered, a buffer overflow occurs. However, the data length field is 2 bytes, so data lengths of up to 2^16-1 can be recorded. The format verification module 111 can identify the vulnerability of the document file based on the already known reference file data structure.

In the normal image document file 1 of FIG. 9, COM should always be a positive number; however, an image file may have a COM size of 0 or a negative value. In this case too, the format verification module 111 can classify the document file as a vulnerability document file 5. The corresponding vulnerability link can be acquired by the reference format information DB 113 from a source such as the following.

Example of vulnerability link: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0200
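The COM and DHT length checks described above, as an added example (not code from the patent): `check_jpeg_fields` and `segment` are hypothetical names, the sample files are constructed, the 256 limit is the rule stated on this page, and the COM rule is read here as "the declared length minus its own two length bytes must not be negative".

```python
import struct

SOI, EOI, SOS, COM, DHT = 0xD8, 0xD9, 0xDA, 0xFE, 0xC4
NO_LENGTH = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))  # TEM, SOI, EOI, RST0-7
NAMES = {COM: "COM", DHT: "DHT", SOS: "SOS"}
DHT_MAX_LEN = 256  # limit given in the text for the DHT data length


def check_jpeg_fields(data, dht_max_len=DHT_MAX_LEN):
    """Walk the JPEG marker segments without decoding the image.

    Returns findings as (offset, field, declared_length, detail) tuples;
    an empty list means no abnormality was found.
    """
    if data[:2] != b"\xff\xd8":
        return [(0, "SOI", None, "file does not start with a JPEG SOI marker")]
    findings = []
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append((pos, "MARKER", None, "expected 0xFF marker prefix"))
            break
        marker = data[pos + 1]
        if marker == 0xFF:      # fill byte in front of a marker
            pos += 1
            continue
        if marker == EOI:
            break
        if marker in NO_LENGTH:  # stand-alone marker, no length field
            pos += 2
            continue
        field = NAMES.get(marker, "0x%02X" % marker)
        if pos + 4 > len(data):
            findings.append((pos, field, None, "length field is truncated"))
            break
        (length,) = struct.unpack_from(">H", data, pos + 2)
        if length < 2:
            # The length counts its own 2 bytes, so 0 or 1 leaves a negative
            # payload size; the next segment cannot be located either.
            findings.append((pos, field, length, "payload size would be negative"))
            break
        if marker == DHT and length > dht_max_len:
            findings.append((pos, field, length, "DHT length exceeds %d" % dht_max_len))
        if pos + 2 + length > len(data):
            findings.append((pos, field, length, "segment runs past end of file"))
            break
        if marker == SOS:       # entropy-coded image data follows
            break
        pos += 2 + length
    return findings


def segment(marker, payload, length=None):
    """Build one constructed segment; `length` overrides the declared length."""
    if length is None:
        length = len(payload) + 2
    return bytes([0xFF, marker]) + struct.pack(">H", length) + payload


# Constructed samples (headers only, no image data).
GOOD = b"\xff\xd8" + segment(COM, b"hello") + segment(DHT, bytes(17)) + b"\xff\xd9"
BAD_COM = b"\xff\xd8" + segment(COM, b"AAAA", length=0) + b"\xff\xd9"
BAD_DHT = b"\xff\xd8" + segment(DHT, bytes(298)) + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad COM", BAD_COM), ("bad DHT", BAD_DHT)):
        result = check_jpeg_fields(blob)
        verdict = "vulnerability document file" if result else "normal document file"
        print(name, verdict, result)
```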

Next, after step S100, the document vulnerability determination means 120 determines from the result of step S100 whether the document file is abnormal (S300).

As shown in FIG. 5, between step S100 and step S300 the file conversion module 115 may convert the file format of the document file into at least one other file format to verify whether the document file is vulnerable (S200).

If it is determined in step S300 that there is no abnormality in the document file, the document vulnerability determination means 120 approves the use (execution, sharing, storage and maintenance) of the document file (S400). If an abnormality is found, the vulnerability analysis data generated through the document vulnerability determination step S300 is separately classified and stored to construct the vulnerability knowledge base 150 (S600).

Between steps S300 and S600, the security processing means 140 may perform at least one of log transfer, isolation, protection and deletion of the vulnerability document file 5 according to the security policy (S500). Steps S500 and S600 may be performed simultaneously in parallel.

Meanwhile, in the document security method according to the present invention, the vulnerability analysis module 160 compares the vulnerability analysis data passed through the document vulnerability determination means 120 with the vulnerability analysis data accumulated in advance in the vulnerability knowledge base 150, analyzes it, and generates result report data on the vulnerability of the vulnerability document file 5 (S700).

Accordingly, the vulnerability analysis module 160 can generate and output a result report including the format verification result, the file conversion result, and the existing vulnerability type and similarity data.

Thus, according to the present invention, because no separate pattern DB for malicious code is required, it is possible to determine whether a document file has an error vulnerability that antivirus software cannot catch.

While the invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments; it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

100: terminal 110: file analysis means
111: format validation module 115: file conversion module
120: document vulnerability determination means 150: vulnerability knowledge base
160: Vulnerability Analysis Module

Claims (6)

1. A document security method comprising:
A document vulnerability determination step of determining whether a document file is abnormal;
A vulnerability knowledge base construction step of separately classifying and storing the vulnerability analysis data generated through the document vulnerability determination step when it is determined that the document file is abnormal in the document vulnerability determination step; and
A vulnerability analysis and result derivation step of generating result report data on the vulnerability of the document file by comparing the vulnerability analysis data that has undergone the document vulnerability determination step with the vulnerability analysis data accumulated in advance through the vulnerability knowledge base construction step.

2. The method according to claim 1,
Further comprising a format validation step of validating a format of the document file before the document vulnerability determination step.

3. The method of claim 2,
Further comprising a file conversion step of converting a file format of the document file into at least one other file format between the format verification step and the document vulnerability determination step.

4. A document security system comprising:
A document vulnerability determination means for determining whether a document file is abnormal;
A vulnerability knowledge base for separately classifying and storing the vulnerability analysis data obtained by the document vulnerability determination means if it is determined that there is an abnormality in the document file according to the determination result of the document vulnerability determination means; and
A vulnerability analysis module that compares vulnerability analysis data that has passed through the document vulnerability determination means with vulnerability analysis data accumulated in the vulnerability knowledge base to generate result report data on the vulnerability of the document file.

5. The document security system of claim 4,
Further comprising file analysis means, provided in the terminal, for analyzing the format of the document file and including a format verification module.

6. The document security system of claim 5,
Wherein the file analysis means includes at least one file conversion module for converting the file format of the document file that has undergone format verification in the format verification module to a different file format.
KR1020150038994A 2015-03-20 2015-03-20 document security system and security method KR101670456B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150038994A KR101670456B1 (en) 2015-03-20 2015-03-20 document security system and security method

Publications (2)

Publication Number Publication Date
KR20160112744A true KR20160112744A (en) 2016-09-28
KR101670456B1 KR101670456B1 (en) 2016-10-28

Family

ID=57101728

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150038994A KR101670456B1 (en) 2015-03-20 2015-03-20 document security system and security method

Country Status (1)

Country Link
KR (1) KR101670456B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190042154A (en) * 2017-10-16 2019-04-24 주식회사 센티언스 Data security maintenance method for data analysis application

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101850098B1 (en) * 2017-11-21 2018-04-19 한국인터넷진흥원 Method for generating document to share vulnerability information, system and apparatus thereof
KR102188396B1 (en) * 2019-03-08 2020-12-08 신한금융투자 주식회사 Apparatus for neutralizing malicious code and hidden information included in image file and driving method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100653122B1 (en) * 2005-08-31 2006-12-01 학교법인 대전기독학원 한남대학교 Real-time detection system and method based rule for safety software development
KR20100067383A (en) 2008-12-11 2010-06-21 주식회사 티맥스 소프트 Server security system and server security method
KR101212553B1 (en) * 2012-05-11 2012-12-14 주식회사 안랩 Apparatus and method for detecting malicious files
KR101265173B1 (en) * 2012-05-11 2013-05-15 주식회사 안랩 Apparatus and method for inspecting non-portable executable files

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190042154A (en) * 2017-10-16 2019-04-24 주식회사 센티언스 Data security maintenance method for data analysis application
WO2019078374A1 (en) * 2017-10-16 2019-04-25 주식회사 센티언스 Data security maintenance method for data analysis use
US11263338B2 (en) 2017-10-16 2022-03-01 Sentience Inc. Data security maintenance method for data analysis application

Also Published As

Publication number Publication date
KR101670456B1 (en) 2016-10-28

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20191008

Year of fee payment: 4