Abstract:
A method and an apparatus for analyzing the malware software within a non-executable file which uses the virtual environment use the object program having the weak point in the virtual environment are provided to analyze the malware included in the non-executable file safely. A program execution part(114) outputs register value of an object program by loading non-executable file analyzed in an object program. A program run analysis part(122) analyzes the outputted register value. In case the register value indicates a domain except a normal code domain, the program run analysis part stores log information about the operation of the object program in the log information database(124). A malware analyze part(126) extracts and analyzes malware included in the non-executable file based on log information. When the outputted register value begins to indicate domain except the normal code area, the program run analysis part begins to store the log information.
Abstract:
A network management system and a method thereof are provided to manage a network based on the value of a network apparatus, thereby making network management considering characteristics of the network apparatus possible. A value-based network management system(10) comprises the followings: a value estimating part(101) collecting information about the value of network equipment; a storage(102) storing the value of the network equipment delivered from the value estimating part; a policy judging part(103) which compares the value of the network equipment, estimated at present, with the required value of the network equipment, delivered from a manager, to judge whether to apply the required value of the network equipment; and a policy executing part(104) which transmits a command for requesting the change into the required value to the network equipment, if the application is decided.
Abstract:
본 발명은 지역적으로 분산된 네트워크 환경에서 취약성(Vulnerability)을 중앙 집중식으로 감사 및 분석할 수 있도록 한 취약성 분석 시스템 및 방법에 관한 것으로, 침입차단 시스템(Firewall)으로 보호된 네트워크에서도 내부망에 대한 취약성을 분석할 수 있다. 본 발명은 취약성 분석 대상 네트워크의 내부망에 대한 점검을 수행하는 에이전트와, 각 에이전트들로부터 결과를 제공받아 분석하고 DMZ(De-Militarized Zones)에 대한 취약성을 탐지하는 매니저, 그리고 매니저와 에이전트간의 통신을 위한 보안 프로토콜로 구성된다. 매니저는 에이전트가 보내온 각각의 정보를 분석하고 호스트별, 네트워크별 취약성 탐지결과에 대한 차등 분석을 수행하여 비교결과를 생성하는 기능을 가지며, 에이전트를 기반으로 하여 네트워크별로 취약성에 대한 정보를 전체적으로 관리하고, 매니저에 새로운 취약성을 탐지하기 위한 코드를 설치하면 자동으로 각 에이전트에 분배되므로 네트워크 전체에 대한 취약성 분석이 효율적으로 이루어질 수 있다.
Abstract:
접근권한별로분리된브라우저프로세스를이용한브라우저제공방법및 이를이용한장치가개시된다. 제1 웹페이지에상응하는제1 주소를획득하는단계; 권한제어목록에서제1 주소를기반으로제1 단말접근권한을획득하고, 제1 단말접근권한에상응하는제1 브라우저프로세스를실행하는단계; 제1 브라우저프로세스가제2 웹페이지의렌더링을시도하는경우에, 제1 단말접근권한과제2 웹페이지에상응하는제2 단말접근권한을비교하여렌더링허용여부를판단하는단계; 및렌더링이허용되지않은경우에제1 브라우저프로세스의렌더링시도를차단하고, 제2 단말접근권한에상응하는제2 브라우저프로세스를실행하여제2 웹페이지를렌더링하는단계를포함한다.
Abstract:
PURPOSE: An apparatus for detecting a modulated URL by HTTP header analysis and a method thereof are provided to remove a threat connected to a malicious site without the consent of a user by checking whether a corresponding URL is modulated or not before connecting the URL which is possibly modulated on a webpage of a connected website. CONSTITUTION: An apparatus for detecting modulated URL includes a control unit(10), a URL information collecting unit(40), a URL HTTP header analyzing unit(50), and a URL modulation checking unit(60). The control unit controls the operation of each unit of the apparatus for detecting the modulated URL. The URL information collecting unit collects URL information linked with a webpage selected by a user on a connected website if the user terminal executes a web browser and connects to the website of which URL is inputted by a user. The URL HTTP header analyzing unit analyzes HTTP header information from collected URL information if the URL information is collected by the URL information collecting unit. The URL modulation checking unit determines a corresponding URL if retransmission information from the corresponding URL to different URL does not exist in a HTTP header as a result of the HTTP header information analysis of the URL HTTP header analyzing unit. [Reference numerals] (10) Control unit; (20) Input unit; (30) Output unit; (40) URL information collecting unit; (50) URL HTTP header analyzing unit; (60) URL modulation checking unit
Abstract:
PURPOSE: An online financial transaction authentication method and apparatus thereof are provided to confirm the recognition state of a user randomly using a part of main transaction information as authentication information. CONSTITUTION: An authentication information generation unit(110) randomly selects a part of main transaction information corresponding to a user. The authentication information generation unit generates authentication information by combining the selected information. A display unit(140) provides the converted authentication information and the main transaction information to the user. A user recognition determination unit(160) determines whether the user recognizes the authentication information.
Abstract:
본 발명은 DCE(Distributed Computing Environment) RPC(Remote Procedure Call) 객체의 퍼징 시스템 및 방법에 관한 것으로서, 파일 매니저(File Manager)에서 DCE RPC 퍼징 및 통신시 필수적으로 요구되는 UUID(Universal Unique IDentifier), 인터페이스 버전(version), Op number를 idl 파일을 참조하여 획득하고, 획득한 정보들을 통신 메커니즘을 구성하는 패킷 크리에이터(Packet Creator)에서 사용하고 DCE RPC 접근 메커니즘을 완성하며, 이후 난수를 처리하는 랜덤 데이터 제너레이터(Random Data Generator)의 난수를 주입하고 패킷 인젝터(Packet Injector)에 구성된 데이터를 인자로 하여 함수를 호출하여 퍼징을 수행함으로써, 기존의 DCE RPC 객체 퍼징 시 전문가의 개입이 필요한 부분을 자동화하여 퍼징 시간 및 비용을 감소할 수 있다. DCE(Distributed Computing Environment), RPC(Remote Procedure Call), 퍼징(fuzzing)
Abstract:
A DCE RPC(Distributed Computing Environment Remote Procedure Call) object fuzzing system and method are provided to analyze an idl file to acquire necessary information in a DCE RPC object fuzzing operation and construct an RPC based access mechanism by using the information to reduce the cost and time required for system fuzzing. A DCE RPC object fuzzing system includes a file manager, a random data generator, an RPC packet creator, and a packet injector. The file manager parses and analyzes a file having information including an idl file and a named pipe file with respect to an object of fuzzing to acquire necessary information. The random data generator generates a random number by using a system clock signal as a factor. The RPC packet creator constructs a protocol used for RPC communication for each function and creates an RPC packet for RPC communication. The packet injector injects the necessary information and the random number into the generated RPC packet and transmits the RPC packet to the object of fuzzing.