Invention Grant
US08230503B2 Method of extracting windows executable file using hardware based on session matching and pattern matching and apparatus using the same
In force
- Patent Title: Method of extracting windows executable file using hardware based on session matching and pattern matching and apparatus using the same
- Application No.: US12503288
- Application Date: 2009-08-17
- Publication No.: US08230503B2
- Publication Date: 2012-07-24
- Inventor: Byoung Koo Kim, Seung Yong Yoon, Ik Kyun Kim, Jin Tae Oh, Jong Soo Jang, Hyun Sook Cho
- Applicant: Byoung Koo Kim, Seung Yong Yoon, Ik Kyun Kim, Jin Tae Oh, Jong Soo Jang, Hyun Sook Cho
- Applicant Address: KR Daejeon
- Assignee: Electronics and Telecommunications Research Institute
- Current Assignee: Electronics and Telecommunications Research Institute
- Current Assignee Address: KR Daejeon
- Agency: Nelson Mullins Riley & Scarborough LLP
- Agent: EuiHoon Lee, Esq.
- Priority: KR10-2008-0125415 20081210
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method and apparatus for extracting a Windows executable file that can search for a pattern related to Windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a Windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.