APPARATUS AND METHOD FOR DETECTING DLL INSERTED BY MALICIOUS CODE
Abstract
Provided are an apparatus and method for detecting a Dynamic Link Library (DLL) inserted by a malicious code. The method includes collecting first DLL information from an image file of a process before the process is executed; collecting second DLL information loaded into a memory as the process is executed; comparing the first DLL information with the second DLL information to extract information on an explicit DLL; and determining whether the explicit DLL is a DLL inserted by a malicious code or not.
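The comparison step described in the abstract, as an added example that is not taken from the patent. The import lists and module paths are constructed sample data standing in for what would be read from the image file and from the running process, and following imports transitively through dependent DLLs is an assumption that goes beyond the claim text.

```python
# Added illustration: every DLL name, path and import list here is constructed sample data.
from collections import deque
from ntpath import basename  # Windows path rules, usable on any platform


def norm(name):
    """Module names are case-insensitive on Windows; compare lower-case base names."""
    return basename(name).lower()


def implicit_dlls(image, imports_of):
    """First DLL information: DLLs named in the image's import table, followed
    through the import tables of those DLLs (assumption: transitive closure)."""
    seen, queue = set(), deque([norm(image)])
    while queue:
        for dep in imports_of.get(queue.popleft(), ()):
            dep = norm(dep)
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def explicit_dlls(image, imports_of, loaded_modules):
    """Second DLL information minus the first: loaded modules that no import
    table accounts for. These are candidates only; the determination step
    is not specified on the page and is not implemented here."""
    expected = implicit_dlls(image, imports_of) | {norm(image)}
    return sorted((p for p in loaded_modules if norm(p) not in expected),
                  key=str.lower)


# Constructed stand-in for import tables read from image files on disk.
IMPORTS_OF = {
    "app.exe": ["KERNEL32.dll", "USER32.dll"],
    "user32.dll": ["GDI32.dll", "KERNEL32.dll"],
    "kernel32.dll": ["ntdll.dll"],
}
# Constructed stand-in for the module list of the running process.
LOADED = [
    r"C:\Program Files\App\app.exe", r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\kernel32.dll", r"C:\Windows\System32\USER32.dll",
    r"C:\Windows\System32\gdi32.dll", r"C:\Windows\System32\winhttp.dll",
    r"C:\Users\Public\helper.dll",
]

if __name__ == "__main__":
    for path in explicit_dlls("app.exe", IMPORTS_OF, LOADED):
        print("explicit:", path)
```

Both remaining modules are reported because the comparison only separates explicit loads from implicit ones; a legitimately loaded DLL and an inserted one look the same at this stage.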
12 Claims
1. A method of detecting a Dynamic Link Library (DLL) inserted by a malicious code, comprising:
- collecting first DLL information from an image file of a process before the process is executed;
- collecting second DLL information loaded into a memory as the process is executed;
- comparing the first DLL information with the second DLL information to extract information on an explicit DLL; and
- determining whether the explicit DLL is a DLL inserted by a malicious code or not.

Dependent claims: 2, 3, 4, 5, 6
7. An apparatus for detecting a DLL inserted by a malicious code, comprising:
- a DLL information collector that collects first DLL information from an image file of a process before the process is executed and collects second DLL information that is loaded into a memory as the process is executed; and
- a malicious DLL detector that compares the first DLL information with the second DLL information to extract information on an explicit DLL and determines whether the extracted explicit DLL is a DLL that is inserted by a malicious code or not.

Dependent claims: 8, 9, 10, 11, 12
Specification