Title of invention SYSTEM AND METHOD FOR DETECTING VARIETY MALICIOUS CODE
Abstract PURPOSE: A system and method for detecting variant malicious code are provided that encode the order of real actions, based on the real action information of the malicious code, so that variant relationships between malicious codes can be identified. CONSTITUTION: A malicious code collection unit (110) collects malicious codes distributed on the internet and stores them as malicious code information. A standard action extraction unit (120) performs static or dynamic analysis corresponding to a malicious action, based on sample malicious code information on the internet, and extracts standard action information. A malicious action determination unit (130) determines the real malicious action of the malicious code information based on the standard action information. When the real malicious action is determined, a real action extraction unit (140) filters out the normal-action part of the malicious code information and extracts the real action information corresponding to the malicious action. [Reference numerals] (110) Malicious code collection unit; (120) Standard action extraction unit; (130) Malicious action determination unit; (140) Real action extraction unit; (150) Action sequence extraction unit; (160) Data storage unit; (170) Communication unit; (180) Control unit; (200) Server; (210) Client; (AA) Internet network
Publication number KR20130071621(A) Publication date 2013.07.01
Application number KR20110138928 Filing date 2011.12.21
Applicant KOREA INTERNET & SECURITY AGENCY Inventors JEONG, HYUN CHEOL; JI, SEUNG GOO; LEE, TAI JIN; JEONG, JONG IL; KANG, HONG KOO; KIM, BYUNG IK
Classification G06F21/00; G06F17/00 Main classification G06F21/00
Agency Agent
Principal claim
Address