Title of invention: METHOD FOR ANALYZING UPDATE OF MALICIOUS CODE ON ANALYSIS SYSTEM OF MALICIOUS CODE BASED ON CULTURE
Abstract: The present invention relates to a culture-based malicious code analysis system that cultures and analyzes malicious codes which infect culture agents. The system comprises: an analysis managing server, which controls the culture agents over a network and manages the results of their malicious code analysis; at least one culture agent, which generates a pool of one or more malicious codes, determines whether a malicious code to be analyzed is new by calculating the MD5 of each malicious code in the culture analysis pool and searching for it, generates a list of the files created when each malicious code executes, and determines whether a malicious code to be analyzed has been updated by calculating and searching for the MD5 of the files in that list; and a router, which limits the network's traffic bandwidth to block malicious traffic that could be released from the culture analysis agent to the outside. The invention provides a network and host operating environment for safely culturing and analyzing malicious codes, so that the culture-based analysis system can cope with anti-virtual-machine malicious codes, which remain inactive in a virtual-machine environment. In addition, the system analyzes the activity of malicious codes along a timeline and monitors their changes and activities, such as updates. Accordingly, the system can not only detect the arrival of a new malicious code but also analyze and determine how existing malicious codes that have already infected an agent are updated and evolve.
Publication number: KR101512462(B1); Publication date: 2015.04.16
Application number: KR20130162043; Filing date: 2013.12.24
Applicant: KOREA INTERNET & SECURITY AGENCY; Inventors: KIM, JI SANG; LEE, CHANG YONG; HAN, YOUNG IL; CHO, HYEI SUN; YOO, DAE HOON; KIM, JU HYUK; KANG, HONG KOO; KIM, BYUNG IK; LEE, TAI JIN; SON, KYUNG HO; PARK, HAE RYONG
Classification: G06F21/55; G06F21/56; Main classification: G06F21/55
Agency: ; Agent:
Principal claim:
Address: