SYSTEM AND METHOD FOR DETECTING UNKNOWN MALICIOUS CODES BY ANALYZING KERNEL BASED SYSTEM EVENTS
Format | Patent |
---|---|
Language | English, Korean |
Published | 08.07.2010 |
Summary: | PURPOSE: A system and a method for detecting unknown malicious codes by analyzing kernel based system events are provided to detect a process or module causing a harmful behavior by comparing behavior data with the defined harmful behavior. CONSTITUTION: A monitoring driver (10) collects event data by monitoring, in real time, events that occur at the kernel or system level. A malicious code detecting and processing unit (20) configures behavior data from the event data and compares the behavior data with the defined harmful behaviors. If the behavior data correspond to a harmful behavior, the malicious code detecting and processing unit processes the harmful behavior. |
---|---|
Bibliography: | Application Number: KR20080136230 |