APPARATUS AND METHOD FOR DETECTION OF MALICIOUS PROGRAM USING PROGRAM BEHAVIOR

摘要

The present invention is a method and apparatus for a computer program that runs on the computer system to diagnose whether or not the malware relates, more particularly, to a computer program and an apparatus and method for diagnosing whether a malicious program using the action of a computer program, to a method and apparatus for generating the device. ; This invention diagnosis based on behavior characteristics extracted from the target program to generate a first feature vector behavior according to behavior characteristic vector generation unit, already stored diagnostic data storing a plurality of second feature vector for a plurality of samples action program known whether the rogue part, and compared the action of the first feature vector and the vector of the plurality of second characteristic behavior, infection diagnosis unit diagnosing the target program is characterized in that it comprises a cord diagnosis for diagnosing whether an infection is provided . ; by the action of a computer program executed on a computer system according to the present invention, if a particular computer program code is normal, it can be determined whether the infection.