摘要 |
Disclosed are a method and apparatus for detecting a malicious code that causes data to flow out. A method of detecting a malicious code in a server connected to a user terminal through a communication network according an embodiment of the present invention includes the following steps: receiving report information including destination information from multiple user terminals which recognize a monitoring target process of data outflow, except for any processes by user instructions; determining if the data outflow destinations are the same or similar with each other based on the received report information in order to determine whether the monitoring target process is executed by a malicious code; and providing the determination result to the user terminals. According to the present invention, a center collects the information about data outflow from a user terminal to an outside source to analyze big data, such that it is determined whether a corresponding process is executed by a malicious code, thereby detecting a new malicious code in a short period of time. |