Abstract: Disclosed are a malicious code deactivating apparatus and a method of operating the same. The malicious code deactivating apparatus and the method of operating the same provide a high-security malicious code deactivating apparatus for preliminarily performing a malicious code inspection on a target process and then executing the target process in a terminal unit, by including a monitor, a comparator, a controller, an analyzer, and a storage.
Type: Grant
Filed: November 21, 2017
Date of Patent: March 24, 2020
Assignee: NPCORE, INC.
Inventors: Seung Chul Han, Su Hyun Lee, Dong Jin Shin
Abstract: Provided are an apparatus and method for blocking a zombie behavior process. The apparatus includes a security policy storage configured to store zombie-behavior-type-specific traffic characteristics and security policies, a traffic monitor configured to monitor traffic generated on the computer and detect abnormal traffic exceeding a predetermined reference value, a process and traffic analyzer configured to find an abnormal process causing the abnormal traffic and detect a zombie behavior type associated with the abnormal process by analyzing the abnormal traffic on the basis of the zombie-behavior-type-specific traffic characteristics stored in the security policy storage, and a process handler configured to handle the process whose zombie behavior type has been detected according to a security policy defined for the detected zombie behavior type.