
WINDOWS EXECUTABLE FILE EXTRACTION METHOD AND A DEVICE USING THE SAME, CAPABLE OF ANALYZING EXECUTION FILES TRANSFERRED ON HIGH SPEED NETWORK ENVIRONMENT OF HIGH CAPACITY


Abstract

PURPOSE: A Windows executable file extraction method and a device using the same are provided to analyze an executable file from a packet before the packet flows into a host, thereby extracting a virus, a worm, or a Trojan horse at an early stage.

CONSTITUTION: A session matching module (50) collects input packets having a payload according to a reference packet. The session matching module performs session matching based on the 5-tuple information of the reference packet. A pattern matching module (60) searches the packets from the session matching module for the MZ pattern, the PE00 pattern, and the MZ-PE00 pattern. A PE (Portable Executable) processing module (70) completes the PE file combination or deletes packets that are not a PE file.

COPYRIGHT KIPO 2010
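The three stages named in the abstract, sketched as an added example that is not taken from the patent: payloads are grouped by 5-tuple, the reassembled stream is searched for MZ and PE00, and sessions without a PE image are dropped. The packet tuple layout, all function names and the sample traffic are assumptions constructed for illustration; linking MZ to PE00 through the e_lfanew field at offset 0x3C comes from the PE file format, not from the abstract.

```python
import struct
from collections import defaultdict

MZ, PE00 = b"MZ", b"PE\x00\x00"

def reassemble(packets):
    """Session matching: group payload-bearing packets by 5-tuple, join in sequence order."""
    sessions = defaultdict(list)
    for five_tuple, seq, payload in packets:
        if payload:  # packets without a payload are not collected
            sessions[five_tuple].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in sessions.items()}

def find_pe(stream):
    """Pattern matching: offset of an MZ header whose e_lfanew points at PE\\0\\0, else None."""
    pos = stream.find(MZ)
    while pos != -1:
        if pos + 0x40 <= len(stream):  # full 64-byte DOS header is present
            (e_lfanew,) = struct.unpack_from("<I", stream, pos + 0x3C)
            if stream[pos + e_lfanew:pos + e_lfanew + 4] == PE00:
                return pos
        pos = stream.find(MZ, pos + 1)  # a bare "MZ" is common in ordinary data
    return None

def extract_pe_sessions(packets):
    """PE processing: keep the PE bytes of matching sessions, discard all other sessions."""
    out = {}
    for key, stream in reassemble(packets).items():
        off = find_pe(stream)
        if off is not None:
            out[key] = stream[off:]
    return out

def build_sample_pe():
    """Constructed minimal DOS header + PE signature + zeroed COFF header (not a real binary)."""
    dos = bytearray(0x80)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> offset of "PE\0\0"
    return bytes(dos) + PE00 + b"\x4c\x01" + bytes(18)

# Constructed traffic: (src, sport, dst, dport, proto), sequence number, payload.
DOWNLOAD = ("10.0.0.5", 49152, "192.0.2.10", 80, "tcp")
CHATTER = ("10.0.0.5", 49153, "192.0.2.10", 80, "tcp")
BODY = b"HTTP/1.1 200 OK\r\n\r\n" + build_sample_pe()
SAMPLE = [
    (DOWNLOAD, 2, BODY[60:]),  # arrives out of order; PE00 is in this packet
    (DOWNLOAD, 1, BODY[:60]),  # MZ is in this packet
    (CHATTER, 1, b"MZ is mentioned here but no PE header follows" + bytes(64)),
    (CHATTER, 2, b""),
]

if __name__ == "__main__":
    for key, data in extract_pe_sessions(SAMPLE).items():
        print(key, len(data), "bytes of PE data")
```

In the sample the MZ and PE00 markers fall in different packets, so neither packet matches the combined pattern on its own; only the reassembled session does.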
