Method of intrusion detection in terminal device and intrusion detecting apparatus

US 9,501,641 B2
Filed: 03/06/2014
Issued: 11/22/2016
Est. Priority Date: 07/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method of intrusion detection with respect to each of a plurality of operating systems in a terminal device that supports driving of the plurality of operating systems, the method comprising:

collecting, at a first operating system of the plurality of operating systems in the terminal device, intrusion detection data from at least a second operating system of the plurality of operating systems in the terminal device;

performing, at the first operating system in the terminal device, an intrusion detection with respect to the at least a second operating system in the terminal device using the collected intrusion detection data;

performing a selective approach control with respect to the at least a second operating system of the plurality of operating systems which are simultaneously driven in the terminal device, based on a result of the performing the intrusion detection; and

selectively restoring damaged data in the at least a second operating system based on a result of the performing the intrusion detection,wherein the performing the intrusion detection comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the performing the selective approach control comprises controlling of a ratio of using a central processing unit or memory of the terminal device, by the at least a second operating system into which intrusion is determined to have occurred among the plurality of operating systems which are simultaneously driven in the terminal device, andwherein the selectively restoring comprises receiving back-up data for restoring damaged data in the at least a second operating system from a server and restoring the damaged data with the back-up data, wherein the back-up data is received by the server at a predetermined interval from the terminal device and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of intrusion detection in a terminal device that supports driving of a plurality of operating systems, is provided. The method includes collecting at a first operating system of the plurality of operating systems intrusion detection data for analyzing whether there is an intrusion in at least a second operating system of the plurality of operating systems; and performing at the first operating system an intrusion detection with respect to the at least a second operating system using the collected intrusion detection data.

Citations

16 Claims

1. A method of intrusion detection with respect to each of a plurality of operating systems in a terminal device that supports driving of the plurality of operating systems, the method comprising:
- collecting, at a first operating system of the plurality of operating systems in the terminal device, intrusion detection data from at least a second operating system of the plurality of operating systems in the terminal device;
  
  performing, at the first operating system in the terminal device, an intrusion detection with respect to the at least a second operating system in the terminal device using the collected intrusion detection data;
  
  performing a selective approach control with respect to the at least a second operating system of the plurality of operating systems which are simultaneously driven in the terminal device, based on a result of the performing the intrusion detection; and
  
  selectively restoring damaged data in the at least a second operating system based on a result of the performing the intrusion detection,wherein the performing the intrusion detection comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the performing the selective approach control comprises controlling of a ratio of using a central processing unit or memory of the terminal device, by the at least a second operating system into which intrusion is determined to have occurred among the plurality of operating systems which are simultaneously driven in the terminal device, andwherein the selectively restoring comprises receiving back-up data for restoring damaged data in the at least a second operating system from a server and restoring the damaged data with the back-up data, wherein the back-up data is received by the server at a predetermined interval from the terminal device and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the performing the intrusion detection comprises:
    - transmitting the intrusion detection data to a server for analyzing whether there is an intrusion; and
      
      receiving an analysis result from the server indicating whether there is an intrusion into at the at least a second operating system.
  - 3. The method of claim 2, wherein the transmitting the intrusion detection data is performed by encrypting the intrusion detection data using a predetermined encryption method and transmitting the encrypted intrusion detection data to the server.
  - 4. The method of claim 2, wherein the intrusion detection data comprises access records for applications and data which is used by the at least a second operating system.
  - 5. The method of claim 1, wherein the first operating system is an operating system that is protected from an external intrusion.
  - 6. The method of claim 1, wherein the plurality of operating systems are separated so as to not mutually approach each other, and the first operating system collects intrusion detection data from the at least a second operating system using a virtual machine monitor technique.
  - 7. The method of claim 1, further comprising selectively restoring damaged data in the at least a second operating system based on a result of the performing the intrusion detection.

8. A method of intrusion detection with respect to each of a plurality of operating systems in a terminal device that supports driving of the plurality of operating systems, the method comprising:
- collecting, at a first operating system of the plurality of operating systems in the terminal device, intrusion detection data from at least a second operating system of the plurality of operating systems in the terminal device;
  
  performing, at the first operating system in the terminal device, an intrusion detection with respect to the at least a second operating system in the terminal device using the collected intrusion detection data;
  
  performing a selective approach control with respect to the at least a second operating system of the plurality of operating systems based on a result of the performing the intrusion detection; and
  
  selectively restoring damaged data in the at least a second operating system based on a result of the performing the intrusion detection,wherein the performing the intrusion detection comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the performing the selective approach control comprises controlling of a ratio of using a central processing unit or memory of the terminal device, by the at least a second operating system into which intrusion is determined to have occurred among the plurality of operating systems, andwherein the selectively restoring comprises receiving back-up data for restoring damaged data in the at least a second operating system from a server and restoring the damaged data with the back-up data, wherein the back-up data is received by the server at a predetermined interval from the terminal device and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.

9. An intrusion detecting apparatus that is installed in a first operating system of a plurality of operating systems and performs intrusion detection with respect to each of the plurality of operating systems in a terminal device comprising a memory that stores the plurality of operating systems and a central processing unit that supports driving of the plurality of operating systems, the intrusion detecting apparatus comprising:
- a data collecting unit that collects intrusion detection data from at least a second operating system of a plurality of operating systems in the terminal device; and
  
  an intrusion detecting unit performs intrusion detection with respect to the at least a second operating system in the terminal device using the intrusion detection data collected by the data collecting unit; and
  
  a virtualization unit that collects the intrusion detection data from the at least a second operating system of the plurality of operating systems which are simultaneously driven in the terminal device, and transmits the intrusion detection data to the data collecting unit if the operating systems are separated so as to not mutually approach each other,wherein the intrusion detection performed by the intrusion detecting unit comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the virtualization unit performs selective approach control with respect to the at least a second operating system based on the intrusion detection performance result of the intrusion detecting unit, and controls a ratio of using a central processing unit or memory of the terminal device by the at least a second operating system, which is determined as intruded into, among the plurality of operating systems which are simultaneously driven in the terminal device, andwherein the virtualization unit receives a back-up data from a server to restore damaged data in the at least a second operating system that is determined as intruded, wherein the back-up data is received from the terminal device by the server at a predetermined interval and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The intrusion detecting apparatus of claim 9, wherein the intrusion detecting unit comprises:
    - a data transmitting unit that transmits collected intrusion detection data to a server for analyzing whether there is an intrusion; and
      
      an analysis result receiving unit that receives an analysis result from the server with respect to the at least a second operating system whether there is an intrusion.
  - 11. The intrusion detecting apparatus of claim 10, further comprising an encryption unit that encrypts the intrusion detection data, wherein the data transmitting unit transmits the intrusion detection data encrypted using a predetermined encryption method by the encryption unit.
  - 12. The intrusion detecting apparatus of claim 10, wherein the intrusion detection data comprises access records for applications and data which is used by the at least a second operating system.
  - 13. The intrusion detecting apparatus of claim 9, wherein the first operating system is protected from an external intrusion.
  - 14. The intrusion detecting apparatus of claim 9, wherein the virtualization unit restores damaged data in the at least a second operating system based on the intrusion detection performance result of the intrusion detecting unit.

15. An intrusion detecting apparatus that is installed in a first operating system of a plurality of operating systems and performs intrusion detection with respect to each of the plurality of operating systems in a terminal device comprising a memory that stores the plurality of operating systems and a central processing unit that supports driving of the plurality of operating systems, the intrusion detecting apparatus comprising:
- a data collecting unit that collects intrusion detection data from at least a second operating system of a plurality of operating systems in the terminal device;
  
  an intrusion detecting unit performs intrusion detection with respect to the at least a second operating system in the terminal device using the intrusion detection data collected by the data collecting unit; and
  
  a virtualization unit that collects the intrusion detection data from the at least a second operating system of the plurality of operating systems, and transmits the intrusion detection data to the data collecting unit if the operating systems are separated so as to not mutually approach each other,wherein the intrusion detection performed by the intrusion detecting unit comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the virtualization unit performs selective approach control with respect to the at least a second operating system based on the intrusion detection performance result of the intrusion detecting unit, and controls a ratio of using a central processing unit or memory of the terminal device by the at least a second operating system, which is determined as intruded into, among the plurality of operating systems,wherein the virtualization unit restores damaged data in the at least a second operating system based on the intrusion detection performance result of the intrusion detecting unit, andwherein the virtualization unit receives a back-up data from a server to restore damaged data in the at least a second operating system that is determined as intruded, wherein the back-up data is received from the terminal device by the server at a predetermined interval and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.

16. A non-transitory computer readable recording medium having recorded thereon a program executable by a computer for performing a method of intrusion detection with respect to each of a plurality of operating systems in a terminal device that supports driving of the plurality of operating systems, the method comprising:
- collecting, at a first operating system of the plurality of operating systems in the terminal device, intrusion detection data from at least a second operating system of the plurality of operating systems in the terminal device;
  
  performing, at the first operating system in the terminal device, an intrusion detection with respect to the at least a second operating system in the terminal device using the collected intrusion detection data;
  
  performing a selective approach control with respect to the at least a second operating system of the plurality of operating systems which are simultaneously driven in the terminal device, based on a result of the performing the intrusion detection; and
  
  selectively restoring damaged data in the at least a second operating system based on a result of the performing the intrusion detection,wherein the performing the intrusion detection comprises analyzing the collected intrusion data and determining whether there is an intrusion in the at least a second operating system,wherein the performing the selective approach control comprises controlling of a ratio of using a central processing unit or memory of the terminal device, by the at least a second operating system into which intrusion is determined to have occurred among the plurality of operating systems which are simultaneously driven in the terminal device, andwherein the selectively restoring comprises receiving back-up data for restoring damaged data in the at least a second operating system from a server and restoring the damaged data with the back-up data, wherein the back-up data is received by the server at a predetermined interval from the terminal device and the data is data used in the at least a second operating system or image data generated with respect to the at least a second operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Sung-Min, Jeong, Bok-Deuk, Suh, Sang-bum
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US14/199,020
Publication Number

US 20140189869A1
Time in Patent Office

992 Days
Field of Search

726 2- 5, 713152-168, 703/27
US Class Current

1/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/56 Computer malware detection ...

Method of intrusion detection in terminal device and intrusion detecting apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method of intrusion detection in terminal device and intrusion detecting apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links