The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Feb. 10, 2015
Filed:
Jan. 05, 2011
Yo Sik Kim, Daejeon, KR;
Sang Kyun Noh, Gwangju, KR;
Yoon Jung Chung, Seongnam-si, KR;
Dong Soo Kim, Pohang-si, KR;
Won Ho Kim, Daejeon, KR;
Yu Jung Han, Suwon-si, KR;
Young Tae Yun, Daejeon, KR;
Ki Wook Sohn, Daejeon, KR;
Cheol Won Lee, Daejeon, KR;
Yo Sik Kim, Daejeon, KR;
Sang Kyun Noh, Gwangju, KR;
Yoon Jung Chung, Seongnam-si, KR;
Dong Soo Kim, Pohang-si, KR;
Won Ho Kim, Daejeon, KR;
Yu Jung Han, Suwon-si, KR;
Young Tae Yun, Daejeon, KR;
Ki Wook Sohn, Daejeon, KR;
Cheol Won Lee, Daejeon, KR;
Electronics and Telecommunications Research Institute, Daejeon, KR;
Abstract
Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.