Apparatus and Method for Identifying Variety Malicious Code Using Static Analysis and Dynamic Analysis

摘要

A method for identifying a variant malicious code according to an embodiment of the present invention includes the steps of: firstly classifying a plurality of incoming malicious codes into existing malicious codes or variant malicious codes through static analysis; classifying the firstly classified existing malicious codes based on learning data which is previously learned or selecting at least one representative malicious code by dynamically analyzing data of the firstly classified variant malicious codes for a secondary classification; and identifying the mutual relationship of the representative malicious code and the secondarily classified existing malicious codes according to a predetermined reference value. Accordingly, the present invention can more accurately and flexibly analyze the variant malicious code.