首页>
外国专利>
DEVICE AND METHOD FOR DETECTING MALICIOUS SHELL CODE USING DEBUGGING EVENT
DEVICE AND METHOD FOR DETECTING MALICIOUS SHELL CODE USING DEBUGGING EVENT
展开▼
机译:利用调试事件检测恶意外壳代码的装置和方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
PROBLEM TO BE SOLVED: To correctly detect a malicious non-executable file in a short period of time before executing malware.;SOLUTION: A malicious shell code detection device 100 includes a warning setting part 130 for performing setting so as to generate a debugging event when a mother process generated by a mother program for executing a non-executable file attempts to execute a code without an execution attribute, an information storage part 140 for storing address range information of a memory in which a normal module to be used by the mother process is loaded, and a malice determination part 150 for determining the existence/absence of a malice to the non-executable file by using the address range information that has already been acquired if the debugging event is generated.;COPYRIGHT: (C)2014,JPO&INPIT
展开▼