| 发明名称 |
APPARATUS AND METHOD FOR DETECTING MALICIOUS CODE |
| 摘要 |
<p>The present invention relates to a device and a method for detecting a malicious code, based on the state of a system before and after executing a malicious code sample. The device comprises the steps of: extracting the state of a sample executing system before executing a malicious code sample; performing a static analysis and a dynamic analysis related to the malicious code sample; extracting the state of the sample executing system after executing the malicious code sample, and obtaining modified information of the system in comparison to the extracted result of the state of the sample executing system before and after executing the malicious code; and detecting a malicious behavior of the malicious code sample by using static analysis information and dynamic analysis information which are results of performing the static analysis and dynamic analysis, and the modified information of the system.</p> |
| 申请公布号 |
KR20150103903(A) |
申请公布日期 |
2015.09.14 |
| 申请号 |
KR20140025542 |
申请日期 |
2014.03.04 |
| 申请人 |
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
发明人 |
LEE, SANG ROK;LEE, CHEOL HO;JANG, IN SOOK;KIM, JUNG SUN;KANG, JUNG MIN |
| 分类号 |
G06F21/56 |
主分类号 |
G06F21/56 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
