System and method for analyzing malicious code protocol and generating harmful traffic
Abstract
Provided are a method and system for analyzing a malicious code protocol and generating harmful traffic. The harmful traffic generating method constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic, and then sets network vulnerability scanning for generating a second attack packet for carrying out network vulnerability scanning. Subsequently, the method constructs attack information for generating a third attack packet in the form of denial of service, and generates harmful traffic using the packet protocol information, network vulnerability scanning and attack information. Accordingly, the performance of a network security system against malicious code attacks such as Internet worms can be tested.
14 Claims
1. A malicious code protocol analyzer comprising:
a malicious code protocol analysis unit which loads attack code including malicious code and analyzes data in the malicious code to produce the malicious code protocol analysis result;
a CVE analysis unit which confirms whether the malicious code input from the malicious code protocol analysis unit exists in a CVE database and, when it is determined that the malicious code exists in the CVE database, analyzing CVE information for the malicious code to generate CVE analysis information; and
a graphic user interface unit which constructs the attack code in the malicious code protocol analysis unit and displays the malicious code protocol analysis result and the CVE analysis result.
Dependent claims: 2, 3

4. A harmful traffic generator comprising:
a packet protocol configuration unit which constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic;
a network vulnerability scanning unit which constructs network vulnerability scanning for generating a second attack packet;
an attack protocol configuration unit which constructs attack information for generating a third attack packet in the form of denial of service;
a packet driver which actually generates harmful traffic using the packet information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit; and
a graphic user interface unit which transmits a received set value to the packet protocol configuration unit, network vulnerability scanning unit or attack protocol configuration unit, and displays the packet protocol information, network vulnerability scanning and attack information, and harmful traffic generated by the packet driver.
Dependent claims: 5

6. A system for analyzing a malicious code protocol and generating harmful traffic, comprising:
a malicious code protocol analyzer including a malicious code protocol analysis unit which loads an attack code including malicious code and analyzes data in the malicious code to produce the malicious code protocol analysis result, a CVE analysis unit which confirms whether the malicious code input from the malicious code protocol analysis unit exists in a CVE database and, when it is determined that the malicious code exists in the CVE database, analyzes CVE information for the malicious code to generate CVE analysis information, and a first graphic user interface unit which constructs the attack code in the malicious code protocol analysis unit and displays the malicious code protocol analysis result and the CVE analysis result; and
a harmful traffic generator including a packet protocol configuration unit which constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic, a network vulnerability scanning unit which sets network vulnerability scanning for generating a second attack packet for performing network vulnerability scanning, an attack protocol configuration unit which constructs attack information for generating a third attack packet in the form of denial of service, a packet driver which actually generates harmful traffic using the packet information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit, and a second graphic user interface unit which transmits a received set value to the packet protocol configuration unit, network vulnerability scanning unit or attack protocol configuration unit and displays the packet protocol information, network vulnerability scanning and attack information, and harmful traffic generated by the packet driver.
Dependent claims: 7, 8

9. A method for analyzing a malicious code protocol comprising:
(a) loading an attack code including malicious code;
(b) determining whether the malicious code included in the attack code exists in a CVE database;
(c) analyzing CVE and malicious code protocol for the malicious code when it is determined that the malicious code exists in the CVE database; and
(d) analyzing malicious code protocol for the malicious code when it is determined that the malicious code does not exist in the CVE database.
Dependent claims: 10, 11

12. A harmful traffic generating method comprising:
constructing packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic;
setting network vulnerability scanning for generating a second attack packet for carrying out network vulnerability scanning;
constructing attack information for generating a third attack packet in the form of denial of service; and
generating harmful traffic using the packet protocol information, network vulnerability scanning and attack information.
Dependent claims: 13, 14

Specification