Abstract
<p>The present invention relates to a method and system for detecting harmful programs on a network by simultaneously monitoring the network and the individual user terminals as a whole. The invention comprises a network-based harmful-program detection method using a virtual machine, the method comprising the steps of: (a) analysing all network data by using packet mirroring; (b) blocking unnecessary packets by filtering them with a filtering engine; (c) generating statistical data specific to each IP through which packets are sent and received; and (d) recording, in a database, the files collected through the filtering engine, then transmitting a suspect file to a virtual machine controller, which forwards the suspect file to one of a plurality of virtual machines on stand-by for analysis in that virtual machine's analyser. The invention also comprises a system for the method.</p>