Abstract
PURPOSE: An automatic malicious code detection method is provided that improves the performance of a malicious code classification device by classifying similar programs as the same kind.

CONSTITUTION: An event set is generated by extracting the events in a range set by a program (910). Events that are unnecessary for determining the similarity of the program are removed from the event set (920). The events included in the event set are generalized (930). Events that appear in the same order are extracted by analyzing the event set (940). The similarity of the program is calculated based on the event order (950). The malicious code of the program is classified based on the similarity (960).

[Reference numerals] (910) An event set is generated by extracting the events in a range set by a program; (920) Events unnecessary for determining the similarity of the program are removed from the event set; (930) The events included in the event set are generalized; (940) Events that appear in the same order are extracted by analyzing the event set; (950) The similarity of the program is calculated based on the event order; (960) The malicious code of the program is classified based on the similarity; (AA) Start; (BB) End
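The six steps above, sketched as an added example that is not the patent's own code. The abstract does not specify the details, so the "api:argument" event format, the noise list, the generalization rules, the use of a longest common subsequence for "same order", the similarity formula and the 0.6 threshold are all assumptions, and the traces are constructed.

```python
import re

# Assumed values, not taken from the abstract.
NOISE = {"GetTickCount", "Sleep", "GetLastError"}
THRESHOLD = 0.6

def generalize(event):
    """(930) Replace run-specific values so variants yield equal events."""
    event = re.sub(r"[A-Za-z]:\\\S*(\.\w+)", r"<PATH>\1", event)  # keep extension only
    return re.sub(r"\d{1,3}(?:\.\d{1,3}){3}", "<IP>", event)

def prepare(trace, start=0, end=None, generalized=True):
    events = trace[start:end]                                        # (910) range
    events = [e for e in events if e.split(":", 1)[0] not in NOISE]  # (920) filter
    return [generalize(e) for e in events] if generalized else events

def common_order(a, b):
    """(940) Events that occur in the same order in both sets (an LCS)."""
    m, n = len(a), len(b)
    dp = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m - 1, -1, -1):
        for j in range(n - 1, -1, -1):
            dp[i][j] = (dp[i + 1][j + 1] + 1 if a[i] == b[j]
                        else max(dp[i + 1][j], dp[i][j + 1]))
    seq, i, j = [], 0, 0
    while i < m and j < n:
        if a[i] == b[j]:
            seq.append(a[i]); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return seq

def similarity(a, b):
    """(950) Share of events that keep their order, in [0, 1]."""
    return 2 * len(common_order(a, b)) / (len(a) + len(b)) if a or b else 0.0

def classify(sample, families):
    """(960) Closest known family, or None when nothing reaches THRESHOLD."""
    if not families:
        return None
    best = max(families, key=lambda f: similarity(sample, families[f]))
    return best if similarity(sample, families[best]) >= THRESHOLD else None

# Constructed traces: two variants of one dropper and an unrelated program.
VARIANT_A = ["GetTickCount:", r"CreateFile:C:\Users\amy\AppData\x91.exe",
             "RegSetValue:Run", "Sleep:500", "connect:203.0.113.7", "send:"]
VARIANT_B = [r"CreateFile:C:\Temp\qq.exe", "GetLastError:", "RegSetValue:Run",
             "connect:198.51.100.9", "send:", "ExitProcess:"]
EDITOR = [r"CreateFile:C:\Docs\report.txt", "ReadFile:", "CloseHandle:"]
```

Without the generalization step the two variants share only two ordered events and fall below the threshold, which is why step (930) precedes the order comparison.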