Abstract

PURPOSE: A device and method for detecting a malicious domain, capable of providing a fast, integrated security service by collecting malicious-code inspection targets from all security devices in a system, then detecting and distributing the malicious code and the malicious domain.

CONSTITUTION: A file executor (1130) records the network behaviors driven by malicious code. When a network behavior includes DNS (Domain Name Service) query traffic issued in order to connect to a domain, a domain extractor (1140) extracts the domain from the DNS query traffic. A malicious domain detector (1150) compares the extracted domain with a normal domain list. If the domain is not included in the normal domain list, the malicious domain detector determines that it is a malicious domain and detects it.

[Reference numerals] (1110) Interface; (1120) Inspection history determination unit; (1130) File execution unit; (1140) Domain extraction unit; (1150) Malicious domain extraction unit
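The extraction and comparison steps described in the abstract, as an added Python example (not code from the patent): it parses raw DNS query payloads of the kind recorded while a sample runs, extracts the queried name, and flags every name that is not on the normal domain list. The function names, the sample list, the constructed payloads and the choice to treat subdomains of a listed domain as normal are assumptions.

```python
import struct

# Constructed stand-in for the abstract's "normal domain list" (assumption).
NORMAL_DOMAINS = {"example.com", "windowsupdate.com"}

def build_query(name):
    """Build a DNS query payload for `name` (used only to make sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def extract_query_domain(payload):
    """Return the lowercased QNAME of a DNS query, or None if it is not a valid query."""
    if len(payload) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means a response, not a query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # truncated before the terminating zero label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or overrun: reject as malformed
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower() if labels else None

def is_normal(domain, normal=NORMAL_DOMAINS):
    """True if the domain or one of its parent domains is on the normal list."""
    parts = domain.rstrip(".").split(".")
    return any(".".join(parts[i:]) in normal for i in range(len(parts)))

def detect(payloads, normal=NORMAL_DOMAINS):
    """Return the sorted set of queried domains that are not on the normal list."""
    flagged = set()
    for payload in payloads:
        domain = extract_query_domain(payload)
        if domain and not is_normal(domain, normal):
            flagged.add(domain)
    return sorted(flagged)

# Constructed sample of DNS queries recorded during one execution.
SAMPLE = [build_query(n) for n in ("www.example.com", "beacon.unknown-host.test", "Update.WindowsUpdate.com")]
print(detect(SAMPLE))
```

Because the rule flags everything absent from the list, the false-positive rate depends entirely on how complete the normal domain list is.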