摘要 |
<p>The present invention relates to a malicious code detection technology, and more specifically, a device capable of automatically determining malicious codes by using a weighted value method and a method thereof. The method is used to determine the malicious codes in a target file in a client computer connected through a network. The method includes the steps of: defining detection rules setting the weighted values for each event occurring as a file is executed; executing the target file; recording the events occurring as the target file is executed; calculating the sum of the weighted values set by the detection rules of the recorded events; and determining whether there are malicious codes present in the target file by comparing the final sum of the weighted values to a predetermined reference value. The device is operated based on the method.</p> |