APPARATUS AND METHOD FOR ENDPOINT DETECTION AND RESPONSE TERMINAL BASED ON ARTIFICIAL INTELLIGENCE BEHAVIOR ANALYSIS

摘要

The present invention relates to an EDR (Endpoint Detection and Response) technology based on artificial intelligence behavior analysis, in which an EDR device based on artificial intelligence behavior analysis is based on whether the existing file metadata has been changed based on the file metadata on the file to be tracked. A file change detection unit that detects a known anomaly behavior determination unit that determines whether an expected behavior in the traceable file generates a known threat through a first learning network formed through a file metadata population when the change is detected; and When the change is detected, an unknown abnormal behavior detection unit that determines a possibility that an expected behavior in the traceable file generates an unknown threat through a second learning network formed through the SYSCALL graph population is included.