DEVICE AND METHOD FOR DETECTING MALICIOUS SHELL CODE USING DEBUGGING EVENT

摘要

PROBLEM TO BE SOLVED: To correctly detect a malicious non-executable file in a short period of time before executing malware.;SOLUTION: A malicious shell code detection device 100 includes a warning setting part 130 for performing setting so as to generate a debugging event when a mother process generated by a mother program for executing a non-executable file attempts to execute a code without an execution attribute, an information storage part 140 for storing address range information of a memory in which a normal module to be used by the mother process is loaded, and a malice determination part 150 for determining the existence/absence of a malice to the non-executable file by using the address range information that has already been acquired if the debugging event is generated.;COPYRIGHT: (C)2014,JPO&INPIT