US2016205124A1PendingUtilityA1

System and method for detecting mobile cyber incident

Assignee: KOREA INTERNET & SECURITY AGENCYPriority: Jan 14, 2015Filed: Jan 22, 2015Published: Jul 14, 2016
Est. expiryJan 14, 2035(~8.5 yrs left)· nominal 20-yr term from priority
G06F 17/30867H04L 63/1416G06F 17/30097H04L 63/1425H04W 88/184G06F 16/137G06F 16/9566H04W 4/12H04W 4/60H04L 63/145H04L 51/08
42
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system for detecting mobile cyber incidents includes: a mobile incident collection server adapted to collect text messages sent through communication company servers to produce text message detection information, to collect URL information based on real-time search words provided by search portals to produce URL detection information, and to collect basic information of application files being sold in application market servers to produce APK detection information; and a detection information DB adapted to receive, store and manage the text message detection information, the URL detection information and the APK detection information produced from the mobile incident collection server.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for detecting mobile cyber incidents, the system comprising:
 a mobile incident collection server adapted to collect text messages sent through communication company servers to produce text message detection information, to collect URL information based on real-time search words provided by search portals to produce URL detection information, and to collect basic information of application files being sold in application market servers to produce APK detection information; and   a detection information DB adapted to receive, store and manage the text message detection information, the URL detection information and the APK detection information produced from the mobile incident collection server.   
     
     
         2 . The system for detecting mobile cyber incidents according to  claim 1 , wherein the APK detection information comprises at least one or more of application names, versions, sizes, uploader names, and authorization information. 
     
     
         3 . The system for detecting mobile cyber incidents according to  claim 1 , wherein when the mobile incident collection server produces the text message detection information, the mobile incident collection server is accessed to the corresponding web pages by using the URL information contained in the text messages to check whether applications in the web pages are downloaded. 
     
     
         4 . The system for detecting mobile cyber incidents according to  claim 1 , wherein when the mobile incident collection server collects the basic information of the applications being sold in the application market servers, the mobile incident collection server analyzes the relation between the collected applications and the previously analyzed applications to check whether the applications are repeated. 
     
     
         5 . The system for detecting mobile cyber incidents according to  claim 4 , wherein the mobile incident collection server checks whether the collected applications are repeated with the previously analyzed applications on the basis of at least one or more information of the application names, versions, uploader names, and URL information. 
     
     
         6 . A method for detecting mobile cyber incidents, the method comprising the steps of:
 allowing a mobile incident collection server to determine whether new text is received;   extracting the text original hash from the received new text by means of the mobile incident collection server;   allowing the mobile incident collection server to determine whether attached file exists on the basis of the extracted text original hash;   if the attached file exists, extracting the attached file by means of the mobile incident collection server; and   storing and managing the APP information of the extracted attached file as mobile cyber incident information in the mobile incident collection server.   
     
     
         7 . The method for detecting mobile cyber incidents according to  claim 6 , further comprising the steps of:
 extracting text sending information on the basis of the extracted text original hash by means of the mobile incident collection server; and   extracting sending number, time, communication company and main phrases from the extracted text sending information and storing and managing the extracted information as the mobile cyber incident information in the mobile incident collection server.   
     
     
         8 . The method for detecting mobile cyber incidents according to  claim 6 , further comprising the steps of:
 extracting the text content from the extracted text original hash by means of the mobile incident collection server;   parsing the URL of the extracted text content by means of the mobile incident collection server; and   storing and managing the parsed information as the mobile cyber incident information in the mobile incident collection server.   
     
     
         9 . A method for detecting mobile cyber incidents, the method comprising the steps of:
 allowing a mobile incident collection server to determine whether a search word collection period starts;   if the search word collection period starts, calling a real-time search word collection API by portal by means of the mobile incident collection server;   calling the number of search words by means of the mobile incident collection server;   collecting the API-based real-time search words by portal by means of the mobile incident collection server;   parsing the collected search words by means of the mobile incident collection server; and   storing and managing the parsed search words as the mobile cyber incident information in the mobile incident collection server.   
     
     
         10 . A method for detecting mobile cyber incidents, the method comprising the steps of:
 allowing a mobile incident collection server to determine whether a URL detection period starts;   if the URL detection period starts, calling a search API by portal by means of the mobile incident collection server;   calling collected search words by means of the mobile incident collection server;   receiving the search results through the collected search words by means of the mobile incident collection server;   parsing the search results and extracting the URL information from the parsed search results by means of the mobile incident collection server;   allowing the mobile incident collection server to determine whether the search words not searched exist; and   if the search words not searched exist, receiving the search results corresponding to the search words not searched by means of the mobile incident collection server.   
     
     
         11 . The method for detecting mobile cyber incidents according to  claim 10 , further comprising the steps of:
 after the mobile incident collection server parses the search results and extracts the URL information from the parsed search results, calling URL repetition collection limitation period by means of the mobile incident collection server;   allowing the mobile incident collection server to determine whether URLs are collected;   if the URLs are collected, allowing the mobile incident collection server to determine whether the collected URLs are the repetition collection limitation URLs;   if it is determined that the collected URLs are the repetition collection limitation URLs, producing and storing URL and hash by means of the mobile incident collection server; and   storing the basis information and setting repetition collection limitations by means of the mobile incident collection server.   
     
     
         12 . The method for detecting mobile cyber incidents according to  claim 11 , further comprising the steps of: analyzing the web page source of the extracted URL and extracting the URL downloading the application connected to the corresponding web page by means of the mobile incident collection server. 
     
     
         13 . The method for detecting mobile cyber incidents according to  claim 12 , further comprising the steps of: checking whether the URL is connected to other web pages by means of the mobile incident collection server; and allowing the mobile incident collection server to determine whether the URL automatically visits the corresponding web page to download the applications connected to the web page. 
     
     
         14 . The method for detecting mobile cyber incidents according to  claim 9 , further comprising the step of: allowing the mobile incident collection server to check whether the collected applications are repeated with each other to check the relations of the collected applications with the existing analyzed applications. 
     
     
         15 . The method for detecting mobile cyber incidents according to  claim 14 , wherein the relations of the collected applications with the existing analyzed applications are checked to check whether at least one or more information of the application names, versions, uploader names, and URL information are similar to or the same as each other.

Join the waitlist — get patent alerts

Track US2016205124A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.