ELECTRONIC SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE

摘要

According to the present invention, provided is an electronic system for detecting malicious code, the system comprising: categorization information storage which stores categorization information about a category for each system call generated on a user device; model information storage which stores information about one or more normal call models generated based on respective system calls generated when normal code is executed, and one or more malicious call models generated based on respective system calls generated when malicious code is executed; a data receiver which receives data of a detection target call pattern including system calls generated by an application executed on the user device; an application characteristic extractor which extracts characteristics of the system calls included in the detection target call pattern by referring to the categorization information; and a code detector which detects whether execution code of the application is malicious by comparing the extracted characteristics with at least one of the normal call models and the malicious call models. According to the present invention, not only already known malicious code but also variant malicious code or unknown malicious code can be detected.