Method and apparatus for detecting malware and recording medium thereof
Abstract
A method of detecting malware in a terminal, the method including: generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals; clustering the plurality of generated virtual machines into groups based on respective profile information of each terminal of the plurality of terminals; and in response to the malware being detected in a first terminal among the plurality of terminals, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine, via the second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as a first virtual machine.
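The server-side flow in the abstract, as an added Python sketch that is not code from the patent: each virtual machine is reduced to a set of profile features, a similarity value is computed per pair, groups are formed, and a detection on one terminal yields the peers to inform. The Jaccard metric, the 0.5 threshold, the single-link grouping and all terminal names and profile features are assumptions made for this example; the patent text here does not specify them.

```python
from itertools import combinations

# Constructed sample profiles (assumed feature strings, one set per terminal's VM).
PROFILES = {
    "phone-a": {"os:android-13", "app:mail", "app:bank", "app:chat"},
    "phone-b": {"os:android-13", "app:mail", "app:bank", "app:game"},
    "tablet-c": {"os:android-13", "app:mail", "app:chat", "app:notes"},
    "tv-d": {"os:tizen-7", "app:video", "app:music"},
    "tv-e": {"os:tizen-7", "app:video", "app:news"},
    "kiosk-f": {"os:linux", "app:pos"},
}

def jaccard(a, b):
    """Similarity value in [0, 1]; Jaccard is an assumed metric."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def cluster(profiles, threshold=0.5):
    """Single-link grouping with union-find: any pair at or above the
    threshold ends up in the same group, including transitively."""
    parent = {t: t for t in profiles}

    def find(t):
        while parent[t] != t:
            parent[t] = parent[parent[t]]  # path halving
            t = parent[t]
        return t

    for x, y in combinations(sorted(profiles), 2):
        if jaccard(profiles[x], profiles[y]) >= threshold:
            parent[find(y)] = find(x)
    groups = {}
    for t in profiles:
        groups.setdefault(find(t), set()).add(t)
    return list(groups.values())

def peers_to_notify(groups, detected_on):
    """Terminals clustered with the one where malware was detected."""
    for group in groups:
        if detected_on in group:
            return sorted(group - {detected_on})
    raise KeyError(f"unknown terminal: {detected_on}")

if __name__ == "__main__":
    groups = cluster(PROFILES)
    for terminal in ("phone-b", "tv-d", "kiosk-f"):
        print(terminal, "->", peers_to_notify(groups, terminal))
```

With single-link grouping, phone-b and tablet-c land in the same group through phone-a even though their direct similarity is below the threshold, so the choice of clustering rule determines how widely a detection is propagated.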
15 Claims
1. A method of detecting malware in a terminal via a server, the method comprising:
- generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals;
- calculating a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines respectively corresponding to the plurality of terminals;
- clustering the plurality of generated virtual machines into groups based on the calculated similarity value; and
- in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as the first virtual machine.
Dependent claims: 2, 3, 4, 5
6. A method of detecting malware in a terminal, the method comprising:
- transferring information about a profile of the terminal to a virtual machine generated in a server, the virtual machine corresponding to the terminal;
- in response to the malware being detected in another terminal which is clustered into the same group as the terminal, receiving information with respect to the detection of the malware from the virtual machine; and
- displaying the received information with respect to the detection of the malware, wherein the terminal and the other terminal are clustered into the same group based on a similarity value calculated based on exchanged information about the profile of the terminal among the virtual machines respectively corresponding to the plurality of terminals.
Dependent claims: 7
8. A server configured to detect malware of a terminal, the server comprising:
- a memory configured to store a plurality of virtual machines respectively corresponding to a plurality of terminals;
- a processor configured to calculate a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines based on respectively corresponding to the plurality of terminals and cluster the plurality of virtual machines based on the calculated similarity value; and
- a controller configured to provide, in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, information with respect to the detection of malware to a second terminal among the plurality of terminals corresponding to a second virtual machine, the second virtual machine being clustered into the same group as the first virtual machine.
Dependent claims: 9, 10, 11, 12
13. A terminal device configured to detect malware, the terminal device comprising:
- a transferor configured to transfer information about a profile of the terminal device to a virtual machine generated in a server, the virtual machine corresponding to the terminal;
- a receiver configured to, in response to the malware being detected in another terminal device which is clustered into the same group as the terminal, receive information with respect to a detection of malware from the virtual machine; and
- a display configured to display the received information with respect to the detection of the malware, wherein the terminal and the other terminal are clustered into the same group based on a similarity value calculated based on exchanged information about the profile of the terminal among the virtual machines respectively corresponding to the plurality of terminals.
Dependent claims: 14
15. A non-transitory computer-readable recording medium having recorded thereon a program for detecting malware in a terminal via a server, the method comprising:
- generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals;
- calculating a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines respectively corresponding to the plurality of terminals;
- clustering the plurality of generated virtual machines into groups based on the calculated similarity value; and
- in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as the first virtual machine.
Specification