1. Field of the Invention
The present invention relates to security of a web-based electronic transaction site, and more specifically to, in operating an internet-based electronic transaction program, an internet site security system for blocking malicious access of a hacker and preventing special data and a processing method of the corresponding electronic transaction site from being transformed and a method thereof.
2. Description of the Related Art
Generally, a tampering act of an executing image code on a memory is done by carrying out a hooking act many times, and, in some hacking tools, is caused by tampering special code arbitrarily in order to produce a different action which is unlike the original action of the executing image.
Such an act of tampering causes many security problems by precluding an action to be carried out in effect. For example, a malicious program forms a Rootkit that prevents itself from being found by the hooking and the data tampering of the special executing image, and thereby it hides itself and makes a processing method to be changed or causes a wrong operation by continuously trying to attack the normal executing image. Also, it may be used in a reversing process such as a crack etc. which enables a user without permission to access use of the electronic transaction program without an authentication procedure by a correcting code part related with authentication.
In relation to this, existing programs used in web-based electronic transaction systems have many security problems due to generality in the internet environment and its intrinsic weakness.
To compensate for these weaknesses in security, various security products are used together such as a keyboard security product for protecting contents for a user to input through the keyboard, PKI security products for protecting exchanged data on the internet, a digital certificate for identification and confirmation of data integrity in an electronic transaction, and firewall.
However, the abovementioned security systems provide security only regarding parts related to data transfer, but cannot defend against acts directly accessing and tampering a memory of an electronic transaction program in which data are trimmed, produced and processed, or acts accessing or tampering web page source code. Thereby, it is anticipated that hackers continuously attack programs themselves processing the electronic transaction based on the internet. Thus, defense against hackers' malicious access and attacks such as transformation of data and processing methods on the special programs which are executed based on the internet are needed.