SYSTEM AND METHOD OF DETECTING ANOMALY MALICIOUS CODE BY USING PROCESS BEHAVIOR PREDICTION TECHNIQUE
Abstract
Provided are a pattern analyzing/detecting method and a system using the same that are capable of detecting and effectively preventing an unknown malicious code attack. To detect such an attack, the method monitors the system to combine all behaviors exhibited within the system due to corresponding malicious codes, reprocess and learn the behaviors, analyze existing malicious behavior feature values (prediction patterns), and compare them with a behavior pattern exhibited by an execution code.
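The pipeline the abstract describes (filter, monitor, reprocess, learn, compare) can be sketched as follows. This is an added example, not code from the patent: the hash set, event names, centroid learner, cosine comparison and threshold are all assumptions, since the page does not specify the learning algorithm or the feature encoding.

```python
import hashlib, math
from collections import Counter, defaultdict

# All names and values here are constructed for illustration (assumptions).
KNOWN_BAD = {hashlib.sha256(b"known-bad-sample").hexdigest()}
FEATURES = ["file_write", "reg_set_run_key", "net_connect", "proc_inject"]

def db_filter(image: bytes) -> bool:
    """Stage 1: primary filtering against a DB of known-malicious hashes."""
    return hashlib.sha256(image).hexdigest() in KNOWN_BAD

def reprocess(events):
    """Stage 3: fold events from separate monitors into one integrated log,
    pid -> behavior feature vector (event counts in FEATURES order)."""
    counts = defaultdict(Counter)
    for _source, pid, action in events:
        counts[pid][action] += 1
    return {pid: [c[f] for f in FEATURES] for pid, c in counts.items()}

def learn_pattern(malicious_vectors):
    """Stage 4 stand-in learner: centroid of labelled malicious vectors."""
    n = len(malicious_vectors)
    return [sum(col) / n for col in zip(*malicious_vectors)]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a) * sum(y * y for y in b))
    return dot / norm if norm else 0.0

def detect(integrated_log, pattern, threshold=0.8):
    """Stage 5: flag processes whose vector is close to the prediction pattern."""
    return sorted(p for p, v in integrated_log.items() if cosine(v, pattern) >= threshold)

# Stage 2 output: (monitor, pid, action) tuples, constructed sample events.
EVENTS = [
    ("file", 100, "file_write"), ("file", 100, "file_write"),
    ("file", 100, "file_write"), ("net", 100, "net_connect"),
    ("file", 200, "file_write"), ("registry", 200, "reg_set_run_key"),
    ("net", 200, "net_connect"), ("process", 200, "proc_inject"),
]
TRAINING = [[1, 1, 1, 1], [2, 1, 1, 2]]  # constructed malicious feature vectors

if __name__ == "__main__":
    log = reprocess(EVENTS)
    print(log, detect(log, learn_pattern(TRAINING)))
```

Process 200 is flagged because its combined file, registry, network and process activity lines up with the learned pattern, while process 100, which only writes files and opens one connection, stays below the threshold.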
8 Claims
1. An anomaly malicious code detection system using a process behavior prediction technique, comprising:
- a DB filtering module performing primary malicious code filtering with respect to execution codes executed in a system;
- a system resource monitor module monitoring a system resource to collect each event information generated by the execution codes executed in the system;
- a reprocessing module reprocessing each event information collected in the system resource monitor module to reconstruct it into one integrated log representing a related behavior feature value of the execution codes;
- a behavior prediction information processing module inputting the integrated log reconstructed in the reprocessing module into a learning algorithm to extract an anomaly malicious behavior feature value (a prediction pattern); and
- an anomaly malicious behavior detection module comparing the anomaly malicious behavior feature value extracted from the behavior prediction information processing module with the behavior feature value data constructed in the reprocessing module to detect a malicious behavior.

Dependent claims: 2, 3, 4.

5. A method of detecting an anomaly malicious code by using a process behavior prediction technique, comprising the steps of:
- performing primary malicious code filtering on execution codes executed in a system;
- performing system resource monitoring to collect each event information generated by the execution codes executed in the system;
- reprocessing each of the event information collected during the performing of the system resource monitoring to reconstruct one integrated log representing a related behavior feature value of the execution codes;
- inputting the integrated log reconstructed during the reprocessing of each of the event information into a learning algorithm to extract an anomaly malicious behavior feature value (a prediction pattern); and
- comparing the anomaly malicious behavior feature value extracted during the inputting of the reconstructed integrated log with the behavior feature value data constructed during the reprocessing of the event information to detect malicious behaviors.

Dependent claims: 6, 7, 8.
Specification