System and method for detecting hidden process using system event information
First Claim
1. A system for detecting a hidden process using system event information is characterized by detecting a process that is present only in a kernel layer as a hidden process by comparing a process list extracted from system event information obtained through kernel layer monitoring and a process list provided from an application list to a user.
Abstract
A system and method for detecting a hidden process using system event information are provided. The system includes: a kernel layer monitoring module for extracting system event information by monitoring a kernel layer system; a kernel layer process list detecting module for detecting processes related to an event from the extracted system event information; an application layer process list detecting module for detecting a process list provided to a user from an application layer; and a hidden process detecting module for detecting a process that is present only in the kernel layer as a hidden process by comparing the processes detected from the kernel layer process list detecting module and the processes detected from the application layer process list detecting module.
16 Claims
7. A system for detecting a hidden process using system event information, comprising:
- a kernel layer monitoring module for extracting system event information by monitoring a kernel layer system;
- a kernel layer process list detecting module for detecting processes related to an event from the extracted system event information;
- an application layer process list detecting module for detecting a process list provided to a user from an application layer; and
- a hidden process detecting module for detecting a process that is present only in the kernel layer as a hidden process by comparing the processes detected from the kernel layer process list detecting module and the processes detected from the application layer process list detecting module.
14. A method for detecting a hidden process using system event information comprising the steps of:
a) extracting system event information by monitoring a kernel layer system;
b) detecting processes related to an event from the extracted system event information;
c) detecting a process list provided from an application layer to a user; and
d) detecting a process that is present only in the kernel layer as a hidden process by comparing the processes detected from the step b) with the processes in the process list detected from the step c).
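The comparison in steps a) to d) can be sketched as follows. This is an added illustration, not code from the patent: the `Event` record layout, the event kind names and all sample data are assumptions constructed for the example, and it goes slightly beyond the claim text by discarding processes whose exit event was seen and by tolerating PID reuse.

```python
from typing import Iterable, NamedTuple

class Event(NamedTuple):      # hypothetical record emitted by a kernel-layer monitor
    seq: int                  # order in which the event was observed
    pid: int                  # process the event is attributed to
    image: str                # image name recorded with the event
    kind: str                 # "proc_create", "proc_exit", or any activity kind

def kernel_process_list(events: Iterable[Event]) -> dict:
    """Step b): processes related to an event that have not exited."""
    live = {}
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind == "proc_exit":
            live.pop(ev.pid, None)   # exited: missing from the user list is expected
        else:
            live[ev.pid] = ev.image  # any event shows the process exists (covers PID reuse)
    return live

def hidden_processes(events, app_layer_pids):
    """Step d): processes present only in the kernel-layer list."""
    kernel = kernel_process_list(events)
    return sorted((pid, img) for pid, img in kernel.items()
                  if pid not in app_layer_pids)

# Constructed sample data.
EVENTS = [
    Event(1, 4, "System", "file_io"),
    Event(2, 812, "explorer.exe", "proc_create"),
    Event(3, 1500, "updater.exe", "proc_create"),
    Event(4, 1500, "updater.exe", "proc_exit"),
    Event(5, 2044, "unknown.exe", "file_io"),      # activity seen, no create event
    Event(6, 2044, "unknown.exe", "net_io"),
    Event(7, 1500, "notepad.exe", "proc_create"),  # PID 1500 reused after exit
]
APP_LAYER_PIDS = {4, 812, 1500}  # step c): PIDs shown in the user-facing process list

if __name__ == "__main__":
    for pid, image in hidden_processes(EVENTS, APP_LAYER_PIDS):
        print(f"hidden process candidate: pid={pid} image={image}")
```

A process that starts or exits between the two views would look hidden, so take the application-layer list after the last event considered and confirm a finding on a second pass.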
Specification