System for detecting and blocking metamorphic malware using the Intermediate driver
Abstract
The present invention relates to a system and a method for detecting and blocking variants of malware using an intermediate driver. More specifically, it complements the shortcomings of conventional signature analysis by proposing a model that analyzes state changes in a system and a network using a Network Driver Interface Specification (NDIS) intermediate driver, and that detects and blocks malware having an irregular pattern in kernel mode. The invention detects state behavior using the protocol type, IP address, MAC, port used, length, and time information extracted from packet information.