US 12,007,949 B2
Apparatus and method for detecting target file based on network packet analysis
Myung Keun Yoon, Seoul (KR); Jun Nyung Hur, Seoul (KR); and Hyeon Gy Shon, Seoul (KR)
Assigned to KOOKMIN UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION, Seoul (KR)
Appl. No. 17/623,081
Filed by KOOKMIN UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION, Seoul (KR)
PCT Filed Jul. 22, 2021, PCT No. PCT/KR2021/009516
§ 371(c)(1), (2) Date Dec. 27, 2021,
PCT Pub. No. WO2022/097881, PCT Pub. Date May 12, 2022.
Claims priority of application No. 10-2020-0146907 (KR), filed on Nov. 5, 2020.
Prior Publication US 2022/0365909 A1, Nov. 17, 2022
Int. Cl. G06F 16/174 (2019.01); G06F 16/13 (2019.01); G06F 16/14 (2019.01); H04L 47/43 (2022.01)
CPC G06F 16/1752 (2019.01) [G06F 16/13 (2019.01); G06F 16/148 (2019.01)]
15 Claims
1. An apparatus for detecting a target file based on network packet analysis, the apparatus comprising:
an inverse indexing database unit configured to generate at least one file chunk by performing a chunking operation on a detection target file, and inversely index each of the at least one file chunk as a detection target file code;
a network packet receiving unit configured to receive a network packet;
a packet chunk processing unit configured to generate at least one packet chunk by performing a chunking operation on a network packet;
a chunk query unit configured to generate a packet chunk query word for each of the at least one packet chunk and provide the packet chunk query word to the inverse indexing database unit to receive the detection target file code; and
a file code determining unit configured to determine an identified detection target file code in the network packet based on the received detection target file code,
wherein the network packet receiving unit is further configured to receive a series of continuously received network packets,
wherein the packet chunk processing unit is further configured to, based on an error in a specific network packet among the series of the network packets being equal to or greater than a predetermined criterion, assume a detection target file code of the specific network packet based on an adjacent detection target file code of an adjacent network packet of the specific network packet and to not perform the chunking operation on the specific network packet, and
wherein the inverse indexing database unit, the network packet receiving unit, the packet chunk processing unit, the chunk query unit, and the file code determining unit are each implemented via at least one processor.
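
The pipeline of claim 1 can be pictured with the following Python sketch, which is an added illustration and not code from the patent or its applicants. The claim does not fix a chunking method, query-word format or error measure, so the 16-byte chunks, the truncated SHA-256 digests, the sliding-window chunking of packet payloads, the caller-supplied per-packet error ratio with a 0.5 threshold, and all function and variable names are assumptions.

```python
import hashlib
from collections import Counter, defaultdict

CHUNK = 16  # assumed chunk size; the claim does not fix one

def digest(chunk: bytes) -> bytes:
    # Query word / index key: truncated SHA-256 (assumed choice).
    return hashlib.sha256(chunk).digest()[:8]

def build_index(files):
    """Inverse index: chunk digest -> set of file codes containing that chunk."""
    index = defaultdict(set)
    for code, data in files.items():
        for off in range(0, len(data) - CHUNK + 1, CHUNK):
            index[digest(data[off:off + CHUNK])].add(code)
    return index

def classify_packet(index, payload):
    """Query every CHUNK-byte window of the payload, so payloads need not
    start on a file chunk boundary; return the most-voted code or None."""
    votes = Counter()
    for off in range(len(payload) - CHUNK + 1):
        for code in index.get(digest(payload[off:off + CHUNK]), ()):
            votes[code] += 1
    return votes.most_common(1)[0][0] if votes else None

def classify_stream(index, packets, max_error=0.5):
    """packets: list of (payload, error_ratio). A packet at or above max_error
    is not chunked; it takes the code of the nearest chunked neighbour
    (earlier one first), which is this sketch's reading of "adjacent"."""
    skipped = [err >= max_error for _, err in packets]
    codes = [None if s else classify_packet(index, p)
             for (p, _), s in zip(packets, skipped)]
    for i in (k for k, s in enumerate(skipped) if s):
        before = [codes[j] for j in range(i - 1, -1, -1) if not skipped[j]]
        after = [codes[j] for j in range(i + 1, len(codes)) if not skipped[j]]
        codes[i] = (before + after + [None])[0]
    return codes

# Constructed sample data: two synthetic "files" and a five-packet stream.
FILE_A = bytes(range(256)) * 2
FILE_B = bytes((i * 7 + 3) % 251 for i in range(512))
INDEX = build_index({"A": FILE_A, "B": FILE_B})
STREAM = [(FILE_A[0:100], 0.0), (b"\x00" * 100, 0.9), (FILE_A[200:300], 0.0),
          (b"unrelated traffic " * 6, 0.0), (FILE_B[37:137], 0.0)]

if __name__ == "__main__":
    print(classify_stream(INDEX, STREAM))
```

The second packet in the constructed stream is marked as badly damaged, so it is never chunked or queried and is labelled from its neighbour instead.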