WO2010123261A3 - Network-based malicious code diagnosis method and diagnosis server - Google Patents
Network-based malicious code diagnosis method and diagnosis server Download PDFInfo
- Publication number
- WO2010123261A3 WO2010123261A3 PCT/KR2010/002475 KR2010002475W WO2010123261A3 WO 2010123261 A3 WO2010123261 A3 WO 2010123261A3 KR 2010002475 W KR2010002475 W KR 2010002475W WO 2010123261 A3 WO2010123261 A3 WO 2010123261A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signature
- information
- network
- malicious code
- diagnosis
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
Abstract
According to the invention, a network-based malicious code diagnosis method comprises: receiving, through a query, first information obtained by processing a portion of a file to be diagnosed from one or more client terminals having a malicious code diagnosis engine; searching for a signature matching the first information; and generating second information including the searched signature if the signature matching the first information is found, and transmitting the second information to the client terminals. Engine data such as the signature or the like are stored on a server side, and only engine code and a portion of filtering information are stored on a client side, such that the signature is obtained through a query made to the server side only when the signature is actually required, thereby improving the efficiency of a network.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2009-0035073 | 2009-04-22 | ||
| KR1020090035073A KR101045870B1 (en) | 2009-04-22 | 2009-04-22 | Network-based malware diagnosis method and diagnostic server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2010123261A2 WO2010123261A2 (en) | 2010-10-28 |
| WO2010123261A3 true WO2010123261A3 (en) | 2011-01-27 |
Family
ID=43011598
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/KR2010/002475 WO2010123261A2 (en) | 2009-04-22 | 2010-04-20 | Network-based malicious code diagnosis method and diagnosis server |
Country Status (2)
| Country | Link |
|---|---|
| KR (1) | KR101045870B1 (en) |
| WO (1) | WO2010123261A2 (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101218419B1 (en) * | 2010-11-09 | 2013-01-21 | 한양대학교 산학협력단 | Method and apparatus for detecting smartphone virus using cloud security architecture |
| CN102088379B (en) * | 2011-01-24 | 2013-03-13 | 国家计算机网络与信息安全管理中心 | Detecting method and device of client honeypot webpage malicious code based on sandboxing technology |
| CN103235913B (en) * | 2013-04-03 | 2016-12-28 | 北京奇虎科技有限公司 | A kind of for identifying, intercept the system of bundled software, Apparatus and method for |
| KR20140122964A (en) * | 2013-04-11 | 2014-10-21 | 주식회사 안랩 | Apparatus and system for detecting malware based on cloud and method thereof |
| CN103544035A (en) * | 2013-10-21 | 2014-01-29 | 北京奇虎科技有限公司 | Application clearing method and device for mobile terminal |
| CN105335184B (en) * | 2014-08-07 | 2020-06-12 | 北京奇虎科技有限公司 | Application installation method and device |
| CN105488401A (en) * | 2014-12-15 | 2016-04-13 | 国家计算机网络与信息安全管理中心 | Noise information clearing method and system based on probability difference |
| KR20180055626A (en) * | 2016-11-16 | 2018-05-25 | 숭실대학교산학협력단 | Device and method for detecting rooting, recording medium for performing the method |
| KR101965213B1 (en) * | 2018-07-31 | 2019-04-03 | 주식회사 업루트 | System and method for controlling process execution using enterprise white list management |
| KR101968633B1 (en) * | 2018-08-27 | 2019-04-12 | 조선대학교산학협력단 | Method for providing real-time recent malware and security handling service |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998041919A1 (en) * | 1997-03-18 | 1998-09-24 | Trend Micro, Incorporated | Virus detection in client-server system |
| US20030177394A1 (en) * | 2001-12-26 | 2003-09-18 | Dmitri Dozortsev | System and method of enforcing executable code identity verification over the network |
| JP2007011628A (en) * | 2005-06-29 | 2007-01-18 | Matsushita Electric Ind Co Ltd | Signature distribution device and signature distribution system |
| US20070220608A1 (en) * | 2000-08-31 | 2007-09-20 | F-Secure Oyj | Software virus protection |
| KR20090096822A (en) * | 2008-03-10 | 2009-09-15 | 주식회사 안철수연구소 | Detecting system and method for providing malicious code name, and server applied to the same |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101377014B1 (en) * | 2007-09-04 | 2014-03-26 | 삼성전자주식회사 | System and Method of Malware Diagnosis Mechanism Based on Immune Database |
-
2009
- 2009-04-22 KR KR1020090035073A patent/KR101045870B1/en active IP Right Grant
-
2010
- 2010-04-20 WO PCT/KR2010/002475 patent/WO2010123261A2/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998041919A1 (en) * | 1997-03-18 | 1998-09-24 | Trend Micro, Incorporated | Virus detection in client-server system |
| US20070220608A1 (en) * | 2000-08-31 | 2007-09-20 | F-Secure Oyj | Software virus protection |
| US20030177394A1 (en) * | 2001-12-26 | 2003-09-18 | Dmitri Dozortsev | System and method of enforcing executable code identity verification over the network |
| JP2007011628A (en) * | 2005-06-29 | 2007-01-18 | Matsushita Electric Ind Co Ltd | Signature distribution device and signature distribution system |
| KR20090096822A (en) * | 2008-03-10 | 2009-09-15 | 주식회사 안철수연구소 | Detecting system and method for providing malicious code name, and server applied to the same |
Also Published As
| Publication number | Publication date |
|---|---|
| KR101045870B1 (en) | 2011-07-01 |
| WO2010123261A2 (en) | 2010-10-28 |
| KR20100116393A (en) | 2010-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2010123261A3 (en) | Network-based malicious code diagnosis method and diagnosis server | |
| RU2015136264A (en) | METHOD FOR DATABASE MAINTAINING AND RELATED SERVER | |
| WO2010024606A3 (en) | System and method for providing a normal file database | |
| WO2010141799A3 (en) | Feature engineering and user behavior analysis | |
| GB201216375D0 (en) | Method of optimizing the interaction between a software application and a database server or other kind of remote data source | |
| WO2012109742A3 (en) | Systems and methods for extraction of vehicle operational data and sharing data with authorized computer networks | |
| WO2010030919A3 (en) | Sharing objects that rely on local resources with outside servers | |
| CN102081714A (en) | Cloud antivirus method based on server feedback | |
| CN107483425B (en) | Composite attack detection method based on attack chain | |
| WO2011154974A3 (en) | System and method of addressing and accessing information using a keyword identifier | |
| JP2014146307A (en) | Webshell detection/response system | |
| WO2012051360A3 (en) | Dynamic hierarchical tagging system and method | |
| WO2007131105A3 (en) | A method and system for spam, virus, and spyware scanning in a data network | |
| WO2014111944A8 (en) | Systems and methods for identifying explosives | |
| JP2012501009A5 (en) | ||
| WO2007016273A3 (en) | Systems, methods and apparatus of an email client | |
| CN106384048A (en) | Threat message processing method and device | |
| WO2014004545A3 (en) | Pushing business objects | |
| WO2012052998A8 (en) | System and method for performance measurement of networked enterprise applications | |
| RU2015113822A (en) | INHERITANCE OF UNIFIED RESOURCE ID (URI) PARAMETERS | |
| US20140025728A1 (en) | System and method for monitoring bittorrent | |
| WO2007097807A3 (en) | A method and system for password protocols in the bounded retrieval model with security against dictionary attacks and intrusions | |
| WO2012053875A3 (en) | Apparatus and system for transceiving data through fingerprint information | |
| EP2725514A3 (en) | Security information sharing system and execution method thereof | |
| CN105447342B (en) | script encryption method, decryption method and engine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10767275 Country of ref document: EP Kind code of ref document: A2 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 17/02/2012) |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 10767275 Country of ref document: EP Kind code of ref document: A2 |