WINDOWS EXECUTABLE FILE EXTRACTION METHOD AND A DEVICE USING THE SAME, CAPABLE OF ANALYZING EXECUTION FILES TRANSFERRED ON HIGH SPEED NETWORK ENVIRONMENT OF HIGH CAPACITY
PURPOSE: A Windows executable file extraction method and a device using the same are provided to analyze an executable file from packets before the packets flow into a host, thereby extracting a virus, a worm, or a Trojan horse at an early stage.
CONSTITUTION: A session matching module (50) collects input packets having a payload according to a reference packet. The session matching module performs session matching based on the 5-tuple information of the reference packet. A pattern matching module (60) searches the packets from the session matching module for the MZ pattern, the PE00 pattern, and the MZ-PE00 pattern. A PE (Portable Executable) processing module (70) completes the combination of a PE file or deletes packets that are not a PE file.
COPYRIGHT KIPO 2010
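The following Python sketch is an added illustration, not code from the patent: it groups payload-carrying packets by 5-tuple, orders them by sequence number, and reports sessions where an MZ header leads to a PE\0\0 signature. The packet tuple layout, the function names, and reading "MZ-PE00" as the DOS header's e_lfanew field pointing at the PE signature are assumptions; retransmissions and gaps are not handled.

```python
import struct
from collections import defaultdict

MZ, PE = b"MZ", b"PE\x00\x00"

def find_pe_offsets(stream: bytes) -> list[int]:
    """Return offsets where an MZ header's e_lfanew field points at 'PE\\0\\0'."""
    hits, pos = [], stream.find(MZ)
    while pos != -1:
        # e_lfanew is the 4-byte little-endian field at offset 0x3C of the DOS header.
        if pos + 0x40 <= len(stream):
            (e_lfanew,) = struct.unpack_from("<I", stream, pos + 0x3C)
            if stream[pos + e_lfanew: pos + e_lfanew + 4] == PE:
                hits.append(pos)
        pos = stream.find(MZ, pos + 1)
    return hits

def scan_sessions(packets):
    """packets: iterable of (five_tuple, seq, payload). Returns {five_tuple: [offsets]}."""
    sessions = defaultdict(list)
    for five_tuple, seq, payload in packets:
        if payload:  # packets without a payload (pure ACKs) are not collected
            sessions[five_tuple].append((seq, payload))
    results = {}
    for key, segs in sessions.items():
        # Reassemble the session in sequence-number order before matching.
        stream = b"".join(p for _, p in sorted(segs))
        offsets = find_pe_offsets(stream)
        if offsets:  # sessions that carry no PE file are discarded
            results[key] = offsets
    return results

def sample_packets():
    # Constructed input: 64-byte DOS header with e_lfanew=0x80, padding, PE signature.
    image = MZ + b"\x00" * 58 + struct.pack("<I", 0x80) + b"\x00" * 64 + PE + b"\x4c\x01"
    body = b"HTTP/1.1 200 OK\r\n\r\n" + image
    a = ("10.0.0.5", 49152, "192.0.2.10", 80, "tcp")
    b = ("10.0.0.6", 49153, "192.0.2.10", 80, "tcp")
    return [
        (a, 150, body[50:]),  # second half arrives first; PE signature is here
        (b, 1, b"plain text with a stray MZ but no PE header" + b"\x00" * 64),
        (a, 100, body[:50]),  # first half carries MZ, but e_lfanew is in the other packet
        (a, 999, b""),
    ]

if __name__ == "__main__":
    print(scan_sessions(sample_packets()))
```

In the constructed sample the MZ marker and the e_lfanew field fall in different packets, so the match succeeds only after the session is reassembled.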