Abstract
The present invention relates to a system and method for detecting and coping with unknown malware based on penalties. More specifically, it constructs a penalty scoring scheme from the static and dynamic characteristics of existing malware, continuously monitors the processes executed on a computer system and assigns penalties according to the penalty criteria, determines that malware is present when the accumulated penalty exceeds a reference value, and performs a countermeasure according to a configured command, in order to detect and cope with unknown malware whose signature has not yet been obtained, as well as known malware. The present invention continuously observes the processes at the user terminal, unlike the conventional scheme of analyzing behavior for a set time and then deciding whether malware is present, and so can effectively detect the latest advanced persistent threat (APT) attack scheme, in which malicious behavior is performed little by little over several months in order to intrude into the computer system.
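The following is an added illustration of the scoring scheme described in the abstract; it is constructed for this page and is not code from the patent or its applicant. It models a continuous per-process penalty accumulator next to a conventional fixed-window scorer, so the difference the abstract draws (slow activity spread over months still crosses the reference value) can be seen on a constructed event log. The penalty criteria, their weights, the reference value, the process names and the event timeline are all assumptions made for the example.

```python
"""Penalty-based detection of slow process behaviour (constructed example).

Every monitored process accumulates penalty points for events that match
a penalty criterion; a detection fires when the running total reaches the
reference value.  Criteria, weights, threshold and log are all invented.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical penalty criteria: event kind -> penalty points.  A real
# deployment would derive these from static/dynamic features of known
# malware; the values below are assumptions for the example.
PENALTY_CRITERIA: Dict[str, int] = {
    "persistence_write": 25,   # process wrote to an auto-start location
    "unexpected_network": 15,  # outbound connection absent from the baseline
    "mass_file_rename": 20,    # burst of file renames
    "credential_read": 30,     # read of a credential store
    "ordinary_io": 0,          # benign activity, no penalty
}

REFERENCE_VALUE = 60  # assumed penalty total at which a process is flagged


@dataclass
class Observation:
    day: int          # coarse timestamp: days since monitoring began
    pid: int
    process: str
    event: str        # one of the PENALTY_CRITERIA keys


@dataclass
class ProcessState:
    process: str
    total: int = 0
    # (day, event, running total) so an analyst can see how the score grew
    timeline: List[Tuple[int, str, int]] = field(default_factory=list)
    detected_on: Optional[int] = None


class PenaltyMonitor:
    """Continuous monitor: penalties accumulate for the life of the process,
    with no analysis window after which the score is discarded."""

    def __init__(self, criteria: Dict[str, int], reference: int,
                 countermeasure: Callable[[int, ProcessState], None]):
        self.criteria = criteria
        self.reference = reference
        self.countermeasure = countermeasure
        self.states: Dict[int, ProcessState] = {}

    def observe(self, obs: Observation) -> ProcessState:
        state = self.states.setdefault(obs.pid, ProcessState(obs.process))
        state.total += self.criteria.get(obs.event, 0)  # unknown events: 0
        state.timeline.append((obs.day, obs.event, state.total))
        if state.detected_on is None and state.total >= self.reference:
            state.detected_on = obs.day
            self.countermeasure(obs.pid, state)  # e.g. isolate or terminate
        return state


def fixed_window_max(observations: List[Observation],
                     criteria: Dict[str, int], window_days: int) -> int:
    """Conventional scheme for comparison: the largest penalty sum seen in
    any analysis window of `window_days` consecutive days."""
    best = 0
    for start in sorted({o.day for o in observations}):
        total = sum(criteria.get(o.event, 0) for o in observations
                    if start <= o.day < start + window_days)
        best = max(best, total)
    return best


# Constructed event log: PID 4242 does one suspicious thing every few weeks,
# PID 1000 is an ordinary process with a single unusual connection.
SAMPLE_LOG: List[Observation] = [
    Observation(1, 1000, "editor", "ordinary_io"),
    Observation(2, 4242, "updater", "persistence_write"),
    Observation(12, 4242, "updater", "ordinary_io"),
    Observation(14, 4242, "updater", "unexpected_network"),
    Observation(30, 1000, "editor", "unexpected_network"),
    Observation(45, 4242, "updater", "unexpected_network"),
    Observation(60, 4242, "updater", "credential_read"),
]


def run_monitor(log: List[Observation] = SAMPLE_LOG):
    """Feed the log through the continuous monitor; return states and the
    list of countermeasure invocations as (pid, process, day)."""
    actions: List[Tuple[int, str, Optional[int]]] = []
    monitor = PenaltyMonitor(
        PENALTY_CRITERIA, REFERENCE_VALUE,
        lambda pid, st: actions.append((pid, st.process, st.detected_on)))
    for obs in log:
        monitor.observe(obs)
    return monitor.states, actions


if __name__ == "__main__":
    states, actions = run_monitor()
    for pid, st in states.items():
        print(pid, st.process, st.total, st.timeline, "detected:", st.detected_on)
    slow = [o for o in SAMPLE_LOG if o.pid == 4242]
    print("7-day window max for 4242:", fixed_window_max(slow, PENALTY_CRITERIA, 7))
    print("countermeasures:", actions)
```

On this log the continuous monitor flags PID 4242 on day 60 with a total of 85, while the best any 7-day analysis window ever sees for the same process is 30, well under the reference value; that gap is the point the abstract makes about APT-style activity spread over months.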