Abstract
PURPOSE: A device and a method are provided to protect selected folders and files from malicious code and to collect the behavior pattern of the malicious code.

CONSTITUTION: A malicious code behavior pattern collection device includes a file access API (Application Program Interface) hooking unit (11), an API analysis unit (12) that analyzes the target file of an intercepted API call, an API execution unit (13), a log collection unit (14), and an API execution result notification unit (15). The hooking unit detects malicious code that attempts to access the selected files and folders, while the API analysis unit analyzes the target folder of the intercepted API call. If the target folders and files are protected, the execution unit executes the intercepted API call on a dummy folder instead. The log collection unit stores information about the intercepted API call. A log analysis unit (16), which analyzes the log records and extracts the behavior pattern of a hacking process, can be added.

[Reference numerals] (11) File access application program interface (API) hooking unit; (12) API analysis unit; (13) API execution unit; (14) Log collection unit; (15) API execution result notification unit; (16) Log analysis unit
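The flow through units (11) to (15) can be modeled in user space as follows. This is an added example, not code from the patent: it assumes a Python wrapper in place of a real OS-level API hook, and the class name `DecoyFileGuard`, the folder layout, and the caller name `sample.exe` are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


class DecoyFileGuard:
    """User-space model of units 11-15 (assumption: no real OS hook is installed)."""

    def __init__(self, protected_dir, dummy_dir):
        self.protected = os.path.realpath(protected_dir)
        self.dummy = os.path.realpath(dummy_dir)
        self.log = []  # log collection unit (14)

    def _analyze(self, path):
        """API analysis unit (12): return the dummy path for a protected target, else None."""
        real = os.path.realpath(path)  # resolve ../ and symlinks before comparing
        if os.path.commonpath([real, self.protected]) != self.protected:
            return None
        return os.path.join(self.dummy, os.path.relpath(real, self.protected))

    def write_file(self, caller, path, data):
        """Hooked entry point (11): the caller believes it writes to `path`."""
        decoy = self._analyze(path)
        written = Path(decoy or path).write_bytes(data)  # API execution unit (13)
        self.log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "caller": caller, "api": "write_file",
            "requested": path, "redirected": decoy is not None,
        })
        return written  # execution result notification unit (15)


def demo():
    """Run two constructed calls and report what reached the real and dummy folders."""
    root = tempfile.mkdtemp()
    protected = os.path.join(root, "protected")
    dummy = os.path.join(root, "dummy")
    os.makedirs(protected)
    os.makedirs(dummy)
    secret = os.path.join(protected, "report.txt")
    Path(secret).write_bytes(b"original")
    guard = DecoyFileGuard(protected, dummy)
    # Constructed request: a traversal path that resolves into the protected folder.
    sneaky = os.path.join(root, "other", "..", "protected", "report.txt")
    guard.write_file("sample.exe", sneaky, b"overwritten")
    guard.write_file("sample.exe", os.path.join(root, "scratch.txt"), b"ok")
    return {"original": Path(secret).read_bytes(), "log": guard.log,
            "decoy": Path(dummy, "report.txt").read_bytes()}
```

The caller receives a normal byte count in both cases, so the redirect is visible only in the log, which is the input a log analysis unit (16) would work from.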