Abstract: Provided are a method and system for identifying an open-source software package from a binary file for which an open-source license is to be checked. The method includes: accessing a database generated to include a plurality of open-source software packages having a plurality of open-source files and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files; receiving the binary file; extracting at least one second identifier included in the binary file by performing a string search on the binary file; and extracting at least one first identifier that matches the at least one second identifier from the database, and outputting an open-source software package and open-source software package version information corresponding to the at least one first identifier.

Abstract: The present disclosure provides a method and system for identifying an open-source software package from a binary file for which an open-source license is to be checked. The method includes: accessing an open-source database generated to include a plurality of reference binary files and a plurality of reference open-source software packages having a plurality of reference open-source files, based on a plurality of first hash values extracted from the plurality of reference binary files generated from the plurality of reference open-source files; receiving the target binary file; extracting a plurality of second hash values including at least two general hash values from the target binary file; extracting at least two first hash values corresponding to the plurality of second hash values among the plurality of first hash values; and identifying a reference open-source software package corresponding to the at least two first hash values based on the open-source database.

Abstract: The present disclosure provides a method and system for identifying an open-source software package from a binary file for which an open-source license is to be checked. The method includes: accessing an open-source database generated to include a plurality of reference binary files and a plurality of reference open-source software packages having a plurality of reference open-source files, based on a plurality of first hash values extracted from the plurality of reference binary files generated from the plurality of reference open-source files; receiving the target binary file; extracting a plurality of second hash values including at least two general hash values from the target binary file; extracting at least two first hash values corresponding to the plurality of second hash values among the plurality of first hash values; and identifying a reference open-source software package corresponding to the at least two first hash values based on the open-source database.

Abstract: Provided are a method and system for identifying an open-source software package from a binary file for which an open-source license is to be checked. The method includes: accessing a database generated to include a plurality of open-source software packages having a plurality of open-source files and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files; receiving the binary file; extracting at least one second identifier included in the binary file by performing a string search on the binary file; and extracting at least one first identifier that matches the at least one second identifier from the database, and outputting an open-source software package and open-source software package version information corresponding to the at least one first identifier.

Abstract: The present invention relates to a method for detecting malicious code patterns in consideration of control and data flows. In the method of the present invention, a malicious code pattern is detected by determining whether values of tokens (variables or constants) included in two sentences to be examined will be identical to each other during execution of the sentences, and the determination on whether the values of the tokens will be identical to each other during the execution is made through classification into four cases: a case where both tokens in two sentences are constants, a case where one of tokens of two sentences is a constant and the other token is a variable, a case where both tokens of two sentences are variables and have the same name and range, and a case where both tokens of two sentences are variables but do not have the same name and range.

Abstract: Disclosed herein is a method of analyzing and decrypting encrypted malicious scripts. The method of the present invention comprises the steps of classifying a malicious script encryption method into a case where a decryption function exists in malicious scripts and is an independent function that is not dependent on external codes such as run time library, a case where a decryption function exists and is a dependent function that is dependent on external codes, and a case where a decryption function does not exist; and if the decryption function exists in malicious scripts and is the independent function that is not dependent on the external codes, extracting a call expression and a function definition for the independent function, executing or emulating the extracted call expression and function definition for the independent function, and obtaining a decrypted script by putting a result value based on the execution or emulation into an original script at which an original call expression is located.

Abstract: The present invention relates to a method of detecting malicious scripts using a code insertion technique. The method of detecting malicious scripts according to the present invention comprises the step of checking values related to each sentence belonging to call sequences by using method call sequence detection based on rules including matching rules and relation rules, wherein the checking step comprises the steps of inserting a self-detection routine (malicious behavior detection routine) call sentence before and after a method call sentence of an original script, and detecting the malicious codes during execution of the script through a self-detection routine inserted into the original script. According to the present invention, since a detection routine is configured to operate during the execution of scripts, dynamically determined parameters and return values can be checked and thus detection accuracy can be improved.

Abstract: The present invention relates to a method for detecting malicious scripts using static analysis. The method of the present invention comprises the step of checking whether a series of methods constructing a malicious code pattern exist and whether parameters and return values associated between the methods match each other.

Abstract: The present invention relates to a method for detecting malicious code patterns in consideration of control and data flows. In the method of the present invention, a malicious code pattern is detected by determining whether values of tokens (variables or constants) included in two sentences to be examined will be identical to each other during execution of the sentences, and the determination on whether the values of the tokens will be identical to each other during the execution is made through classification into four cases: a case where both tokens in two sentences are constants, a case where one of tokens of two sentences is a constant and the other token is a variable, a case where both tokens of two sentences are variables and have the same name and range, and a case where both tokens of two sentences are variables but do not have the same name and range.