System, apparatus and method of malware diagnosis mechanism based on immunization database

US 8,464,340 B2
Filed: 02/27/2008
Issued: 06/11/2013
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. An immunization client comprising:

an immunization storage unit including a filter database which stores at least one filter and an immunization signature database including a malicious code immunization database storing a malicious code immunization signature, and a normal code immunization database storing a normal code immunization signature;

a filtering unit which extracts a code signature from a target code using the at least one filter; and

a diagnostic unit which performs an immunization operation with respect to the extracted code signature from the target code by comparing the extracted code signature with the malicious code immunization signature and with the normal code immunization signature and diagnoses, in a diagnosis, the target code to determine whether the target code is a malicious code based on a result of the comparison.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An immunization system including: an immunization client apparatus which determines whether a target code is a malicious code by performing an immunization operation with respect to a first immunization signature and a code signature that is extracted from the target code and reports the result of the determination to an immunization server; and the immunization server which diagnoses whether the target code is the malicious code, updates a second immunization signature based on the reported result of the determination, and transmits to the immunization client apparatus an update message about the updated second immunization signature, wherein the immunization client apparatus updates the first immunization signature based on the received update message is provided.

230 Citations

9 Claims

1. An immunization client comprising:
- an immunization storage unit including a filter database which stores at least one filter and an immunization signature database including a malicious code immunization database storing a malicious code immunization signature, and a normal code immunization database storing a normal code immunization signature;
  
  a filtering unit which extracts a code signature from a target code using the at least one filter; and
  
  a diagnostic unit which performs an immunization operation with respect to the extracted code signature from the target code by comparing the extracted code signature with the malicious code immunization signature and with the normal code immunization signature and diagnoses, in a diagnosis, the target code to determine whether the target code is a malicious code based on a result of the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein the filter database includes a combination of filters that is unique for the client or a group including the client.
  - 3. The apparatus of claim 1, wherein the immunization operation includes an immunization operation for the malicious code immunization signature and an immunization operation for the normal code immunization signature, andthe diagnostic unit determines whether the target code is the malicious code by comparing a result of the immunization operation for the malicious code immunization signature with a first reference value, and comparing a result of the immunization operation for the normal code immunization signature with a second reference value.
  - 4. The apparatus of claim 1, further comprising:
    - a monitoring unit which selects the target code that is input into the filtering unit.
  - 5. The apparatus of claim 1, further comprising:
    - a controller which controls an operation of the target code based on a result of the diagnosis.
  - 6. The apparatus of claim 5, wherein the controller executes at least one of performing, stopping, and deleting the target code.
  - 7. The apparatus of claim 1, further comprising:
    - a reporting unit which reports a result of the diagnosis to a server.
  - 8. The apparatus of claim 1, further comprising:
    - a receiver which receives an update for the filter database or the immunization signature database, from a server.
  - 9. The apparatus of claim 8, further comprising:
    - an updating unit which updates the filter database or the immunization signature database based on the update.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Ahn, Tae Jin, Park, Taejoon
Primary Examiner(s)
Lipman, Jacob

Application Number

US12/038,378
Publication Number

US 20090064328A1
Time in Patent Office

1,931 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/564 by virus signature recognition

H04L 63/1416 Event detection, e.g. attac...

System, apparatus and method of malware diagnosis mechanism based on immunization database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

230 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatus and method of malware diagnosis mechanism based on immunization database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links