SYSTEM AND METHOD FOR DETECTING UNKNOWN MALICIOUS CODES BY ANALYZING KERNEL BASED SYSTEM EVENTS

Bibliographic Details
Main Authors: KIM, KI HONG; JEONG, HYUN CHEOL; JI, SEUNG GOO; IM, CHAE TAE; NOH, SANG KYUN; JUNG, GA RAM; OH, JOO HYUNG
Format: Patent
Language: English, Korean
Published: 08.07.2010
Summary: PURPOSE: A system and a method for detecting unknown malicious codes by analyzing kernel-based system events are provided to detect a process or module causing a harmful behavior by comparing behavior data with the defined harmful behavior. CONSTITUTION: A monitoring driver (10) collects event data by monitoring an event in real time, wherein the event occurs at the kernel level or in the system. A malicious code detecting and processing unit (20) configures behavior data from the event data and compares the behavior data with the defined harmful behaviors. If the behavior data correspond to the harmful behavior, the malicious code detecting and processing unit processes the harmful behaviors.
Bibliography: Application Number: KR20080136230