-
Publication number: US11790085B2
Publication date: 2023-10-17
Application number: US17461337
Application date: 2021-08-30
Inventor: Jung-Tae Kim, Ji-Hyeon Song, Jong-Hyun Kim, Sang-Min Lee, Ik-Kyun Kim, Dae-Sung Moon
CPC classification number: G06F21/564, G06N20/00
Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information, and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.
-
Publication number: US11783034B2
Publication date: 2023-10-10
Application number: US17100541
Application date: 2020-11-20
Inventor: Jung-Tae Kim, Ji-Hyeon Song, Ik-Kyun Kim, Young-Su Kim, Jong-Hyun Kim, Jong-Geun Park, Sang-Min Lee, Jong-Hoon Lee
CPC classification number: G06F21/563, G06N5/04, G06N20/00, G06F2221/033
Abstract: Disclosed herein are an apparatus and method for detecting a malicious script. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to extract token-type features, each of which corresponds to a lexical unit, and tree-node-type features of an abstract syntax tree from an input script, to train two learning models to respectively learn two pieces of learning data that are generated in consideration of features extracted respectively from the token-type features and the node-type features as having the highest frequency, and to detect whether the script is a malicious script based on the result of ensemble-based malicious script detection performed for the script, which is acquired using an ensemble detection model generated from the two learning models.
-
Publication number: US10509796B2
Publication date: 2019-12-17
Application number: US15860828
Application date: 2018-01-03
Inventor: Hyun-Joo Kim, Jong-Hyun Kim, Ik-Kyun Kim
IPC: G06F16/248, G06F8/34, G06K9/62, G06F16/2458
Abstract: An apparatus and method for visualizing data. The apparatus for visualizing data includes a behavior information collection unit for executing an application from which information is to be collected and collecting behavior information from a process of the executed application, a behavior feature extraction unit for extracting behavior features in an order in which the behavior information is called, a behavior sequence generation unit for generating a behavior sequence by arranging the behavior features in chronological order, and a behavior sequence visualization unit for visualizing the behavior sequence as a 3D sequence object.
-
Publication number: US10404782B2
Publication date: 2019-09-03
Application number: US15331436
Application date: 2016-10-21
Inventor: Yang-Seo Choi, Jong-Hyun Kim, Joo-Young Lee, Sun-Oh Choi, Ik-Kyun Kim, Dae-Sung Moon
IPC: H04L12/26, H04L29/08, H04L12/851, H04L12/861
Abstract: Disclosed are an apparatus and method for reconstructing a transmitted file with high performance in real time, which select analysis target packets for reconstruction by first checking using hardware whether data file-related information is present in packets transmitted via large-capacity traffic over a broadband network, and which reconstruct a file in real time only from the selected analysis target packets. The file reconstruction apparatus for reconstructing a data file from packets on a network includes a packet monitoring unit for extracting packets on the network, a collected packet selection unit for determining whether, for the extracted packets, each packet is a reconstruction target based on flow information, and selecting a reconstruction target packet, and a file reconstruction unit for performing file reconstruction by extracting data from the reconstruction target packet and by storing the extracted data as data of a reconstructed file in a relevant flow.