APPARATUS FOR RECOGNIZING MALWARE THROUGH PROCESS MINING

摘要

The device for recognizing malicious code through process mining of the present invention includes an XES log conversion unit that collects the system event log of the operating system and converts it into a process activity log in the XES log format, and the process analysis unit analyzes the process activity log using the process mining technique to determine abnormalities It detects malicious code from the system event log collected in the operating system, including the process analysis unit that identifies the process performing the activity.