METHOD AND APPARATUS FOR MALWARE DETECTION
Abstract
The present invention relates to an apparatus and method for detecting malware. The malware detection apparatus and method determine whether a file is malware by analyzing the header of an executable file. Because they can detect the presence of malware quickly, they can shorten detection time considerably. They can also detect unknown malware as well as known malware, and thereby estimate and determine the presence of malware. It is therefore possible to cope with malware in advance, protect a system with a program, and increase the security level remarkably.
15 Claims
1. A method for detecting malware, comprising:
- determining whether an input file is an executable file or not by analyzing a header of the input file;
- determining whether the input file is malware or not through a plurality of predetermined conditions by analyzing the header of the input file if the input file is an executable file; and
- outputting a signal corresponding to presence of malware if the input file is determined as malware.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. An apparatus for detecting malware, comprising:
- a header extractor for extracting a header of an input file;
- a file determiner for determining whether the input file is an executable file or not;
- a header analyzer for analyzing the extracted header of the file and deciding a probability that the input file is malware based on a determination result of the file determiner; and
- a malware determiner for collecting determination results of the header analyzer, finally determining whether the input file is malware, and outputting a final determination result.

Dependent claims: 14, 15
Specification