A SYSTEM FOR PREVENTING MBR(MASTER BOOT RECORD) ATTACK OF MALICIOUS CODES USING A CONTROL LIST AT THE KERNEL LEVEL AND THE COMPUTER-READABLE RECORDING MEDIUM HAVING RECORDING THE PROGRAM THEREOF

摘要

PURPOSE: A system for preventing MOR(Master Boot Record) attack using a control list in a kernel level and a computer readable recording medium recording the same are provided to virtually record MBR change information even if a suspicious process does not change MBR, thereby accurately analyze whether all suspicious process including hidden process is malicious or not in advance. CONSTITUTION: A system call hooking controller(310) hooks a system call which requests the change of MBR(Master Boot Record) in a OS(Operating System). A control list manager(320) stores a control list including a allowance and denial list. A virtually changing unit(350) record a MBR modification information to a virtually changing storage according to MBR modification information of the system call. A malicious process determiner(340) determines a allowance and denial of the hooking system call based on the control list.