Anti-malware system and operating method thereof

US 8,365,287 B2
Filed: 06/20/2011
Issued: 01/29/2013
Est. Priority Date: 06/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method of an anti-malware processor, the method comprising:

filtering by a first logic unit of the processor, input data based on a rule; and

scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at a same time,wherein the input data is packet data, the method further comprising determining whether the packet data contains data to be scanned for malware,wherein the scanning is performed only if it is determined that the packet data contains data to be scanned for malware,wherein, if the packet data does not match the rule as a result of the filtering and if it is determined that the packet data does not contain the malware as a result of the scanning, the packet data is transmitted to an external device or an application unit,wherein, if the packet data does not match the rule as a result of the filtering, but if it is determined that the packet data contains the malware as a result of the scanning, the packet data is not transmitted to an external device or an application unit, andwherein the method further comprises;

if it is determined that the packet data does not match the rule in the filtering, storing the packet data in a standby buffer; and

if it is determined that the packet data not matching the rule contains the data to be scanned for malware in the determining, copying the packet data to an auxiliary buffer and storing the packet data in the auxiliary buffer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-malware device and an operating method thereof are provided. The operating method includes: filtering by a first logic unit of the processor, input data based on a rule; and scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at the same time. Accordingly, the security of the packet data is tightened.

37 Citations

View as Search Results

12 Claims

1. A method of an anti-malware processor, the method comprising:
- filtering by a first logic unit of the processor, input data based on a rule; and
  
  scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at a same time,wherein the input data is packet data, the method further comprising determining whether the packet data contains data to be scanned for malware,wherein the scanning is performed only if it is determined that the packet data contains data to be scanned for malware,wherein, if the packet data does not match the rule as a result of the filtering and if it is determined that the packet data does not contain the malware as a result of the scanning, the packet data is transmitted to an external device or an application unit,wherein, if the packet data does not match the rule as a result of the filtering, but if it is determined that the packet data contains the malware as a result of the scanning, the packet data is not transmitted to an external device or an application unit, andwherein the method further comprises;
  
  if it is determined that the packet data does not match the rule in the filtering, storing the packet data in a standby buffer; and
  
  if it is determined that the packet data not matching the rule contains the data to be scanned for malware in the determining, copying the packet data to an auxiliary buffer and storing the packet data in the auxiliary buffer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the filtering overlaps with the scanning in time.
  - 3. The method of claim 2, wherein the scanning starts before the filtering is completed.
  - 4. The method of claim 1, wherein the processor is a system-on-chip (SOC).
  - 5. The method as claimed in claim 1, wherein the input data is packet data and the method further comprising converting the packet data to be scanned for malware into data of a format for the scanning,wherein the scanning scans the converted packet data.
  - 6. The method as claimed in claim 1, further comprising, if it is determined that the packet data contains the data to be scanned for malware in the determining, determining a type of the data to be scanned for malware.
  - 7. The method as claimed in claim 1, wherein the input data is packet data and the filtering comprises:
    - first matching the packet data and a rule pattern; and
      
      determining whether to allow or block the packet data according to a result of the first matching,wherein the scanning comprises;
      
      second matching the packet data and a predetermined malware pattern; and
      
      determining whether the packet data contains the malware according to a result of the second matching.

8. An anti-malware device comprising:
- a processor comprising;
  
  a firewall engine which comprises first logic units that filter input data based on a rule, and determines whether the input data contains data to be scanned for malware; and
  
  an anti-malware engine which comprises second logic units that scan for malware in the input data, if the firewall engine determines that the input data contains the data to be scanned for malware,wherein the firewall engine filters and the anti-malware engine scans at a same timewherein the input data is packet data, the firewall engine determines whether the packet data contains data to be scanned for malware, and the second logic units scan for the malware only if the firewall engine determines that the packet data contains the data to be scanned for malware,wherein the anti-malware device further comprises a standby buffer and an auxiliary buffer,wherein the firewall engine stores the data in the standby buffer if it is determined that the packet data does not match the rule, and stores the data in the auxiliary buffer if the packet data not matching the rule contains the data to be scanned for malware.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The anti-malware device of claim 8, wherein the firewall engine filters during a first period of time and the anti-malware engine scans during a second period of time, wherein the first and second periods of time overlap.
  - 10. The anti-malware device of claim 8:
    - wherein the anti-malware engine starts to scan before the firewall engine completes filtering.
  - 11. The anti-malware device as claimed in claim 8, wherein the firewall engine determines whether the data contains the data to be scanned for malware, only if the data does not match the rule.
  - 12. The anti-malware device as claimed in claim 8, further comprising an anti-malware manager which converts the data to be scanned for malware into data of a format for the anti-malware engine,wherein the anti-malware engine scans the converted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Original Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Inventors
Yoo, InSeon
Primary Examiner(s)
Laforgia, Christian
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US13/164,770
Publication Number

US 20110314547A1
Time in Patent Office

589 Days
Field of Search

726 22- 25, 726/1, 726/13, 713/153, 713/154, 709/223, 709/224
US Class Current

726/24
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

H04L 63/145   the attack involving the pr...

Anti-malware system and operating method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-malware system and operating method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links