WO2010036057A3 - A malware detector for the diagnosis of an illegal memory access and a control method thereof - Google Patents

A malware detector for the diagnosis of an illegal memory access and a control method thereof

Info

Publication number
WO2010036057A3
Authority
WO
WIPO (PCT)
Prior art keywords
control method
diagnosis
malware detector
memory access
illegal memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2009/005495
Other languages
French (fr)
Korean (ko)
Other versions
WO2010036057A2 (en)
Inventor
박희안
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ahnlab Inc
Original Assignee
Ahnlab Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ahnlab Inc
Publication of WO2010036057A2
Publication of WO2010036057A3
Anticipated expiration
Ceased

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482 Procedural
    • G06F9/4484 Executing subprograms
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4494 Execution paradigms, e.g. implementations of programming paradigms data driven
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/453 Help systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Debugging And Monitoring (AREA)
  • Human Computer Interaction (AREA)

Abstract

The present invention relates to a malware detector that detects malware attempting to access memory, and to a control method thereof. The malware detector according to the present invention comprises: an environment process detection module that extracts context information for a particular thread and identifies the process to which that context belongs (the environment process); a generation process detection module that identifies the process that actually generated the thread (the generation process); and a control module that compares the environment process with the generation process.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020080094054A KR101012669B1 (en) 2008-09-25 2008-09-25 Malware detector for diagnosing illegal memory access and its control method
KR10-2008-0094054 2008-09-25

Publications (2)

Publication Number Publication Date
WO2010036057A2 (en) 2010-04-01
WO2010036057A3 (en) 2010-07-08

Family

ID=42060295

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/005495 Ceased WO2010036057A2 (en) 2008-09-25 2009-09-25 A malware detector for the diagnosis of an illegal memory access and a control method thereof

Country Status (2)

Country Link
KR (1) KR101012669B1 (en)
WO (1) WO2010036057A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101252185B1 (en) * 2010-08-10 2013-04-05 주식회사 잉카인터넷 method for blocking hack using thread check

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040098902A (en) * 2003-05-16 2004-11-26 주식회사 안철수연구소 Device and Method for Detecting Malicious Code of Process Memory
KR20040104112A (en) * 2003-06-03 2004-12-10 주식회사 안철수연구소 Device and Method For Detecting Malicious Thread
KR20050053401A (en) * 2003-12-02 2005-06-08 주식회사 하우리 Method for removing computer virus, and computer-readable storage medium recorded with virus-removing program
US20060031940A1 (en) * 2004-08-07 2006-02-09 Rozman Allen F System and method for protecting a computer system from malicious software
US20070250927A1 (en) * 2006-04-21 2007-10-25 Wintutis, Inc. Application protection
US20090158260A1 (en) * 2007-12-17 2009-06-18 Jung Hwan Moon Apparatus and method for automatically analyzing program for detecting malicious codes triggered under specific event/context
US20090187992A1 (en) * 2006-06-30 2009-07-23 Poston Robert J Method and system for classification of software using characteristics and combinations of such characteristics

Also Published As

Publication number Publication date
WO2010036057A2 (en) 2010-04-01
KR101012669B1 (en) 2011-02-11
KR20100034852A (en) 2010-04-02

Similar Documents

Publication Publication Date Title
WO2012154664A3 (en) Methods, systems, and computer readable media for detecting injected machine code
WO2011075270A3 (en) Touch panel region of interest reporting scheme
BR112013001190A8 (en) method performed by a data processing apparatus associated with a capacitive touch sensor and system
WO2011002811A3 (en) Arrangement for identifying uncontrolled events at the process module level and methods thereof
GB201319170D0 (en) Malware detection
EP2584495A3 (en) Image processing method and apparatus for detecting target
WO2008091785A3 (en) System and method for determining data entropy to identify malware
WO2007025279A3 (en) Apparatus and method for analyzing and supplementing a program to provide security
WO2013130285A3 (en) Gesture detection based on information from multiple types of sensors
WO2009008939A3 (en) Method for finding paths in video
WO2012061663A3 (en) Using power fingerprinting (pfp) to monitor the integrity and enhance security of computer based systems
WO2008063415A3 (en) Remote display tamper detection using data integrity operations
WO2006107624A3 (en) System and method for acoustic signature extraction, detection, discrimination, and localization
WO2011050089A3 (en) Preventing and responding to disabling of malware protection software
WO2010001231A3 (en) Processing and detecting baseline changes in signals
WO2010005800A3 (en) Posture state detection using selectable system control parameters
WO2012054131A3 (en) Social engineering protection appliance
WO2007009009A3 (en) Systems and methods for identifying sources of malware
WO2008042786A3 (en) Multivariate detection of transient regions in a process control system
WO2011002798A3 (en) Automatic fault detection and classification in a plasma processing system and methods thereof
GB2508540A (en) Malware scanning
WO2007117582A3 (en) Malware detection system and method for mobile platforms
WO2012154320A8 (en) System and method for detecting and repairing defects in an electrochromic device using thermal imaging
WO2010150052A3 (en) Methods and apparatuses for avoiding denial of service attacks by rogue access points
WO2011047296A3 (en) Detecting and responding to malware using link files

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09816450

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09816450

Country of ref document: EP

Kind code of ref document: A2