Abstract
PURPOSE: An apparatus and a method for detecting execution and compression of malicious code are provided to enhance diagnostic performance for malicious code by measuring the entropy of an executed file. CONSTITUTION: An executable file collector (102) collects executable files to be checked for the presence of malicious code. An entropy measuring unit (104) calculates an entropy value for the executable files collected by the executable file collector. A testing unit (106) for execution and compression compares the two measured entropy values of the executable files. The testing unit for execution and compression decides that an executable file is an execution and compression file when the measured entropy value is lower than a set value.