WO2010120157A3 - Method for providing computer security services using a hook, and apparatus and computer readable recording medium for same - Google Patents

Method for providing computer security services using a hook, and apparatus and computer readable recording medium for same Download PDF

Info

Publication number
WO2010120157A3
WO2010120157A3 PCT/KR2010/002421 KR2010002421W WO2010120157A3 WO 2010120157 A3 WO2010120157 A3 WO 2010120157A3 KR 2010002421 W KR2010002421 W KR 2010002421W WO 2010120157 A3 WO2010120157 A3 WO 2010120157A3
Authority
WO
WIPO (PCT)
Prior art keywords
hook
input message
recording medium
same
readable recording
Prior art date
Application number
PCT/KR2010/002421
Other languages
French (fr)
Korean (ko)
Other versions
WO2010120157A2 (en
Inventor
이희국
주성범
Original Assignee
엔에이치엔비즈니스플랫폼(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 엔에이치엔비즈니스플랫폼(주) filed Critical 엔에이치엔비즈니스플랫폼(주)
Priority to JP2012505829A priority Critical patent/JP5580878B2/en
Publication of WO2010120157A2 publication Critical patent/WO2010120157A2/en
Publication of WO2010120157A3 publication Critical patent/WO2010120157A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • User Interface Of Digital Computer (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

According to one embodiment of the present invention, the computer security service using a Hook determines the presence of a virtual input message flag in an input message or detects a hacking attempt using timing information at the kernel level, and comprises the steps of: monitoring an input message received from an operating system using a Hook; determining whether or not a virtual input message flag is included in the input message; and detecting a macro hack occurrence using the determined results.
PCT/KR2010/002421 2009-04-17 2010-04-19 Method for providing computer security services using a hook, and apparatus and computer readable recording medium for same WO2010120157A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012505829A JP5580878B2 (en) 2009-04-17 2010-04-19 Method and apparatus for providing computer security service using hook, and computer-readable recording medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020090033432A KR101005593B1 (en) 2009-04-17 2009-04-17 Method and Apparatus for Providing Security Service Using Hook
KR10-2009-0033432 2009-04-17

Publications (2)

Publication Number Publication Date
WO2010120157A2 WO2010120157A2 (en) 2010-10-21
WO2010120157A3 true WO2010120157A3 (en) 2011-01-20

Family

ID=42983031

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2010/002421 WO2010120157A2 (en) 2009-04-17 2010-04-19 Method for providing computer security services using a hook, and apparatus and computer readable recording medium for same

Country Status (3)

Country Link
JP (1) JP5580878B2 (en)
KR (1) KR101005593B1 (en)
WO (1) WO2010120157A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101434094B1 (en) * 2013-03-18 2014-08-26 한양대학교 에리카산학협력단 Blocking harmful application by intent monitoring in android platform
KR101421633B1 (en) 2013-04-02 2014-07-23 주식회사 잉카인터넷 Speed Hack Detection System and Method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040042731A (en) * 2002-11-15 2004-05-20 엘지엔시스(주) File and registry monitoring method for host system
KR20050090541A (en) * 2004-03-09 2005-09-14 주식회사 하우리 Method for preventing key input from hacking, computer-readable storage medium recorded with program for preventing key input from hacking
KR20060059757A (en) * 2004-11-29 2006-06-02 주식회사 안철수연구소 Preventing method of computer programmed automatic input
KR20060059795A (en) * 2004-11-29 2006-06-02 주식회사 안철수연구소 Method of sensing time modification of internal time by a computer program
KR20060093932A (en) * 2005-02-23 2006-08-28 제이알소프트 주식회사 Method that can secure keyboard key stroke using secure input filter driver and keyboard secure input bho of internet explorer in windows operating system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4439711B2 (en) 2000-10-19 2010-03-24 Necエレクトロニクス株式会社 Data processing apparatus and system
KR100483700B1 (en) * 2003-12-03 2005-04-19 주식회사 잉카인터넷 Method to cut off an illegal process access and manipulation for the security of online game client by real-time
WO2007037640A1 (en) * 2005-09-28 2007-04-05 Ahn Lab, Inc. Method for detecting modification of internal time in computer system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040042731A (en) * 2002-11-15 2004-05-20 엘지엔시스(주) File and registry monitoring method for host system
KR20050090541A (en) * 2004-03-09 2005-09-14 주식회사 하우리 Method for preventing key input from hacking, computer-readable storage medium recorded with program for preventing key input from hacking
KR20060059757A (en) * 2004-11-29 2006-06-02 주식회사 안철수연구소 Preventing method of computer programmed automatic input
KR20060059795A (en) * 2004-11-29 2006-06-02 주식회사 안철수연구소 Method of sensing time modification of internal time by a computer program
KR20060093932A (en) * 2005-02-23 2006-08-28 제이알소프트 주식회사 Method that can secure keyboard key stroke using secure input filter driver and keyboard secure input bho of internet explorer in windows operating system

Also Published As

Publication number Publication date
KR101005593B1 (en) 2011-01-05
JP5580878B2 (en) 2014-08-27
WO2010120157A2 (en) 2010-10-21
JP2012524325A (en) 2012-10-11
KR20100114969A (en) 2010-10-27

Similar Documents

Publication Publication Date Title
WO2012058487A3 (en) Data loss monitoring of partial data streams
WO2012154664A3 (en) Methods, systems, and computer readable media for detecting injected machine code
WO2006091944A3 (en) Location-based enhancements for wireless intrusion detection
WO2010147837A3 (en) Enhanced presence detection for routing decisions
WO2010150008A3 (en) Method and system for provision of cryptographic services
WO2010105099A3 (en) Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions
WO2010144796A3 (en) Integrated cyber network security system and method
IL197477A0 (en) System and method for detecting new malicious executables, based on discovering and monitoring of characteristic system call sequences
WO2010082763A3 (en) Apparatus and method for handover in mobile communication system
WO2011100630A3 (en) Methods, systems, and computer readable media for diameter application loop prevention
PH12015500919B1 (en) Method and apparatus for encoding video by using block merging, and method and apparatus for decoding video by using block merging
WO2007007326A3 (en) System and method for detection and recovery of malfunction in mobile devices
GB2508540A (en) Malware scanning
TW200612278A (en) Methods, computer program products and data structures for intrusion detection, interusion response and vulnerability remediation across target computer systems
MY151479A (en) Method and apparatus for detecting shellcode insertion
WO2011152687A3 (en) Method for allowing one device to detect another device
CA2816970A1 (en) Using power fingerprinting (pfp) to monitor the integrity and enhance security of computer based systems
WO2007082204A3 (en) Asset performance optimization
WO2011112702A3 (en) Apparatus, system and method for detecting the presence of genuine serviceable product components
WO2007148314A3 (en) Secure domain information protection apparatus and methods
SI1872583T1 (en) Method of video processing, computer readable medium containing instructions implementing said method and video processing system.
ATE466472T1 (en) METHOD AND SYSTEM FOR DESYNCHRONIZATION INTERRUPTED RECEIPT DETECTION AND RESTORATION
WO2004095281A3 (en) System and method for network quality of service protection on security breach detection
WO2010105043A3 (en) Methods, systems, and computer readable media for short message service (sms) forwarding
WO2012021806A3 (en) Multi-process communication regarding gaming information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10764696

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2012505829

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10764696

Country of ref document: EP

Kind code of ref document: A2