-
Publication (announcement) number: KR1020140072749A
Publication (announcement) date: 2014-06-13
Application number: KR1020120140618
Application date: 2012-12-05
Applicant: 국방과학연구소
CPC classification number: H04N1/32149 , H04L2209/08
Abstract: The present specification relates to an apparatus for hiding shellcode, which hides shellcode and a decoder in a 24-bit BMP file in an executable state, and a method thereof, and an apparatus for detecting intrusion, which infers whether a message is inserted into an image based on a steganography technique and detects hidden shellcode based on an emulation technique, and a method thereof. To this end, the method for hiding shellcode according to the present specification comprises the steps of loading a 24-bit BMP format image file, prestored in a storage unit, through a scanning module; checking whether there is a decoder which can be inserted into the loaded image file, among a plurality of decoders prestored in a decoder repository, through the scanning module; sending information about an image file related to an image file corresponding to the decoder which can be inserted, when there is a decoder which can be inserted into the loaded image file among the decoders, through the scanning module; sending information about the image file sent from the scanning module, to a hiding module through a determining module; and inserting shellcode and the decoder into the image file, based on the information about the image file, through the hiding module.
-
Publication (announcement) number: KR101473726B1
Publication (announcement) date: 2014-12-18
Application number: KR1020120140618
Application date: 2012-12-05
Applicant: 국방과학연구소
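Abstract: The present specification relates to a shellcode hiding apparatus and method that hide shellcode and a decoder, in an executable state, in a 24-bit BMP file, and to an intrusion detection apparatus and method that infer whether a message has been inserted into an image based on a steganography technique and detect hidden shellcode based on an emulation technique. To this end, the shellcode hiding method according to the present specification comprises the steps of: loading, through a scanning module, a 24-bit BMP format image file prestored in a storage unit; checking, through the scanning module, whether any of a plurality of decoders prestored in a decoder repository can be inserted into the loaded image file; when the check finds that one of the plurality of decoders can be inserted into the loaded image file, delivering, through the scanning module, information about the image file associated with the image file corresponding to the insertable decoder to a determining module; delivering, through the determining module, the information about the image file received from the scanning module to a hiding module; and inserting, through the hiding module, the shellcode and the decoder into the image file based on the information about the image file.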
-