APPARATUS FOR PROCESSING CYBER THREAT INFORMATION, METHOD FOR PROCESSING CYBER THREAT INFORMATION, AND MEDIUM FOR STORING A PROGRAM PROCESSING CYBER THREAT INFORMATION

摘要

The disclosed embodiment provides a cyber threat information processing apparatus, a cyber threat information processing method, and a storage medium storing a cyber threat information processing program. As an embodiment of the present invention, the method comprising: disassembling an input executable file to obtain disassembled code, and reconstructing the disassembled code to obtain a reconstructed disassembled code; converting the reconstructed disassembled code into a hash function and converting the hash function into N-gram (N-gram, N is a natural number) data; and an identifier of an attack technique in which the block unit code performs the block unit code by performing ensemble machine learning on the block unit code of the converted N-gram data, and the block unit code. It is possible to provide a method for processing cyber security threat information, including a step of profiling with the generated attacker's identifier. According to the embodiment, it is possible to detect and respond to malicious code that does not exactly match the data learned by artificial intelligence, and to respond to a variant of the malicious code. method can be identified.