DEVICE AND METHOD OF DETECTING POLYMORPHIC MALICIOUS CODE

摘要

A malicious code detecting method and an apparatus thereof are provided to detect the malicious code through a new method, not the pattern matching by analyzing the operation branched from a starting section including an execution start point to determine whether an executable file is the malicious code. By classifying received data packets according to sessions between an external server and each user system, files corresponding to each session are restored(S410~S430). An executable file having the executable format is extracted from the files(S440). According to the operation branched from a starting section including an execution start point, it is determined whether the executable file is the malicious code(S450).