Patent · US Active

Apparatus, system and method for detecting malicious code

US8955124B2 · kind B2 · utility

Cited by: 91
References: 14
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 5, 2011
Grant date: Feb 10, 2015
Priority date
Expiry date: Apr 25, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.