
METHOD AND APPARATUS FOR ANALYZING DYNAMIC BEHAVIOR OF MALICIOUS APPLICATION

Abstract

According to an embodiment of the present invention, a method for analyzing the dynamic behavior of a malicious application comprises the steps of: receiving, from an application server, an application suspected of being malicious, and executing the received application in a virtual environment-based emulator; performing a dynamic behavior test on the received application in that emulator; storing a log file generated during the dynamic behavior test in a database; extracting from the log file application program interface (API) information for the pre-defined dynamic analysis APIs called when the application is driven, together with call count information; and checking the API information and the call count information to detect abnormal behavior of the application. Thus, according to an embodiment of the present invention, malicious behavior of a malicious application is easily detected through a dynamic behavior test based on a virtual environment, and the leakage of personal information is prevented. In addition, the framework is modified so that data from an actual terminal is hard-coded, thereby neutralizing attempts to evade analysis through fingerprinting.

COPYRIGHT KIPO 2017