摘要 |
PURPOSE: A malicious code detection method based on a network and a detection server thereof are provided to perform efficient diagnosis for new malicious code by storing most signature data and processing a query only if necessary. CONSTITUTION: A reception unit(310) receives, from a client which includes a malicious code diagnostic engine, first information as a query, wherein the first information includes a target file which is processed. A signature matcher(320) searches for a signature that matches the first information and generates second information including the searched signature. A transmission unit(315) transmits the second information to the client, and the filtering information including the portion used for malicious code filtering is transmitted to the client as signature data in advance.
|