System and method for analyzing malicious code protocol and generating harmful traffic

US 20060130145A1
Filed: 06/14/2005
Published: 06/15/2006
Est. Priority Date: 11/20/2004
Status: Abandoned Application

First Claim

Patent Images

1. A malicious code protocol analyzer comprising:

a malicious code protocol analysis unit which loads attack code including malicious code and analyzes data in the malicious code to produce the malicious code protocol analysis result;

a CVE analysis unit which confirms whether the malicious code input from the malicious code protocol analysis unit exists in a CVE database and, when it is determined that the malicious code exists in the CVE database, analyzing CVE information for the malicious code to generate CVE analysis information; and

a graphic user interface unit which constructs the attack code in the malicious code protocol analysis unit and displays the malicious code protocol analysis result and the CVE analysis result.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The provided method and system is a method and system for analyzing the malicious code protocol and generating harmful traffic. The harmful traffic generating method constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic, and then sets network vulnerability scanning for generating a second attack packet for carrying out network vulnerability scanning. Subsequently, the method constructs attack information for generating a third attack packet in the form of denial of service, and generates harmful traffic using the packet protocol information, network vulnerability scanning and attack information. Accordingly, performance testing of the network security system against malicious code attacks such as the Internet worm can be performed.

Citations

14 Claims

1. A malicious code protocol analyzer comprising:
- a malicious code protocol analysis unit which loads attack code including malicious code and analyzes data in the malicious code to produce the malicious code protocol analysis result;
  
  a CVE analysis unit which confirms whether the malicious code input from the malicious code protocol analysis unit exists in a CVE database and, when it is determined that the malicious code exists in the CVE database, analyzing CVE information for the malicious code to generate CVE analysis information; and
  
  a graphic user interface unit which constructs the attack code in the malicious code protocol analysis unit and displays the malicious code protocol analysis result and the CVE analysis result.
- View Dependent Claims (2, 3)
- - 2. The malicious code protocol analyzer of claim 1, further comprising a results database which stores and manages the malicious code protocol analysis result and the CVE analysis result.
  - 3. The malicious code protocol analyzer of claim 1, wherein the CVE information corresponds to at least one of TCP/IP protocol information and attack pattern information.

4. A harmful traffic generator comprising:
- a packet protocol configuration unit which constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic;
  
  a network vulnerability scanning unit which constructs network vulnerability scanning for generating a second attack packet;
  
  an attack protocol configuration unit which constructs attack information for generating a third attack packet in the form of denial of service;
  
  a packet driver which actually generates harmful traffic using the packet information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit; and
  
  a graphic user interface unit which transmits a received set value to the packet protocol configuration unit, network vulnerability scanning unit or attack protocol configuration unit, and displays the packet protocol information, network vulnerability scanning and attack information, and harmful traffic generated by the packet driver.
- View Dependent Claims (5)
- - 5. The harmful traffic generator of claim 4, further comprising a results database which stores and manages the packet protocol information, network vulnerability scanning and attack information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit.

6. A system for analyzing a malicious code protocol and generating harmful traffic, comprising:
- a malicious code protocol analyzer including a malicious code protocol analysis unit which loads an attack code including malicious code and analyzes data in the malicious code to produce the malicious code protocol analysis result, a CVE analysis unit which confirms whether the malicious code input from the malicious code protocol analysis unit exists in a CVE database and, when it is determined that the malicious code exists in the CVE database, analyzes CVE information for the malicious code to generate CVE analysis information, and a first graphic user interface unit which constructs the attack code in the malicious code protocol analysis unit and displays the malicious code protocol analysis result and the CVE analysis result; and
  
  a harmful traffic generator including a packet protocol configuration unit which constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic, a network vulnerability scanning unit which sets network vulnerability scanning for generating a second attack packet for performing network vulnerability scanning, an attack protocol configuration unit which constructs attack information for generating a third attack packet in the form of denial of service, a packet driver which actually generates harmful traffic using the packet information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit, and a second graphic user interface unit which transmits a received set value to the packet protocol configuration unit, network vulnerability scanning unit or attack protocol configuration unit and displays the packet protocol information, network vulnerability scanning and attack information, and harmful traffic generated by the packet driver.
- View Dependent Claims (7, 8)
- - 7. The system of claim 6, wherein the first and second graphic user interfaces are common to the system.
  - 8. The system of claim 6, further comprising a results database which stores and manages the malicious code protocol analysis result, the CVE analysis result, the packet protocol information, and network vulnerability scanning and attack information constructed by the packet protocol configuration unit, network vulnerability scanning unit and attack protocol configuration unit.

9. A method for analyzing a malicious code protocol comprising:
- (a) loading an attack code including malicious code;
  
  (b) determining whether the malicious code included in the attack code exists in a CVE database;
  
  (c) analyzing CVE and malicious code protocol for the malicious code when it is determined that the malicious code exists in the CVE database; and
  
  (d) analyzing malicious code protocol for the malicious code when it is determined that the malicious code does not exist in the CVE database.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising displaying the analysis results of (c) and (d) through a graphic user interface unit.
  - 11. The method of claim 9, further comprising storing and managing the analysis result of (d) in a results database.

12. A harmful traffic generating method comprising:
- constructing packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic;
  
  setting network vulnerability scanning for generating a second attack packet for carrying out network vulnerability scanning;
  
  constructing attack information for generating a third attack packet in the form of denial of service; and
  
  generating harmful traffic using the packet protocol information, network vulnerability scanning and attack information.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising analyzing the generated harmful traffic and displaying the analysis result on the screen of a graphic user interface.
  - 14. The method of claim 12, further comprising storing and managing the generated harmful traffic in a results database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Byeong Cheol Choi, Dong I.L. Seo
Original Assignee
Byeong Cheol Choi, Dong I.L. Seo
Inventors
Choi, Byeong Cheol, Seo, Dong Il

Application Number

US11/152,987
Publication Number

US 20060130145A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1433 Vulnerability analysis

System and method for analyzing malicious code protocol and generating harmful traffic

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for analyzing malicious code protocol and generating harmful traffic

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links