ACTIVITY MONITORING SYSTEM OF MALICIOUS CODE TO CREATE A CHILD PROCESS AND ACTIVITY MONITORING METHOD THEREOF

摘要

PURPOSE: A malicious code action monitoring system and a method thereof are provided to generate a child process capable of extracting a malicious code by using action information including a child process which the malicious code additionally executes. CONSTITUTION: An action information storing module(200) stores action information which is monitored in a kernel filter driver on a first table. A malicious code action extracting module(300) extracts the action which is matched with a process of the malicious code. A child process information extracting module(400) extracts process information of the child process.