System, apparatus and method of malware diagnosis mechanism based on immunization database
First Claim
1. An immunization client comprising:
- an immunization storage unit including a filter database which stores at least one filter and an immunization signature database including a malicious code immunization database storing a malicious code immunization signature, and a normal code immunization database storing a normal code immunization signature;
a filtering unit which extracts a code signature from a target code using the at least one filter; and
a diagnostic unit which performs an immunization operation with respect to the extracted code signature from the target code by comparing the extracted code signature with the malicious code immunization signature and with the normal code immunization signature and diagnoses, in a diagnosis, the target code to determine whether the target code is a malicious code based on a result of the comparison.
1 Assignment
0 Petitions
Accused Products
Abstract
An immunization system including: an immunization client apparatus which determines whether a target code is a malicious code by performing an immunization operation with respect to a first immunization signature and a code signature that is extracted from the target code and reports the result of the determination to an immunization server; and the immunization server which diagnoses whether the target code is the malicious code, updates a second immunization signature based on the reported result of the determination, and transmits to the immunization client apparatus an update message about the updated second immunization signature, wherein the immunization client apparatus updates the first immunization signature based on the received update message is provided.
230 Citations
9 Claims
-
1. An immunization client comprising:
-
an immunization storage unit including a filter database which stores at least one filter and an immunization signature database including a malicious code immunization database storing a malicious code immunization signature, and a normal code immunization database storing a normal code immunization signature; a filtering unit which extracts a code signature from a target code using the at least one filter; and a diagnostic unit which performs an immunization operation with respect to the extracted code signature from the target code by comparing the extracted code signature with the malicious code immunization signature and with the normal code immunization signature and diagnoses, in a diagnosis, the target code to determine whether the target code is a malicious code based on a result of the comparison. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification