THREAT DETECTION SYSTEM TO COMPARATIVE ANALYSIS OF INSTALLER FILE BASED ON SBOM WITH POINT OF VIEW OF CONSUMER

Abstract

The present invention relates to a threat factor detection system and detection method based on comparative analysis of SBOM-based installation files from the consumer's perspective, which can determine the presence of malicious code by analyzing the patch file of the software. The system includes: a reference information DB that stores, as previous component information, SBOM (Software Bill of Materials) information about the type of each API function and the parameters of that API function at the time it is called, and stores, as next component information, SBOM information about the type of each API function used to execute the installation file to be checked and the parameters of that API function at the time it is called; a component decomposition module that extracts the components of the installation file input to the client terminal; an API information extraction module that, to extract the SBOM of those components, identifies the API functions, identifies the monitored API functions called when malicious code runs by setting a status value for the API functions, extracts the code blocks of the monitored API functions in conjunction with a disassembler, backtracks the code call information for those code blocks to check the parameters at the time of the call, generates SBOM information about the type and parameters of the API functions whose parameters were confirmed as the next component information, and stores it in the reference information DB; and a comparative analysis module that compares the next component information generated by the API information extraction module with the previous component information of the corresponding API function to check whether they match.

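Bibliographic data

  • Publication number: KR1020240085924A; KR2024100085924A; KR20240085924A;

    Patent type

  • Publication date: 2024-06-18

    Original format: PDF

  • Applicant/patentee: 레드펜소프트 주식회사;

    Application/patent number: KR1020220170270; KR202200000170270A; KR20220170270A;

  • Inventor

    Application date: 2022-12-08

  • Classification: G06F21/56; G06F21/53; G06F21/54;

  • Country

  • Database entry time: 2024-12-26 18:11:00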
