1. Field of the Invention
The present invention relates to an apparatus and method for detecting a malicious process and, more particularly, to an apparatus and method that monitor not only a target process but also the child processes generated by the target process, so as to detect malicious behavior in which a malicious process is generated from a normal process.
2. Discussion of Related Art
In recent years, programs such as MS Office Word, MS Office PowerPoint, MS Office Excel, Hangul, and MS Windows Media Player, which support specific file extensions frequently used in the computing environment, have frequently been attacked by executing arbitrary code hidden in files, using weak points of the programs. With this technique, when a file in which malicious code is hidden is propagated via e-mail or messenger, a user has only to execute the file using the corresponding program for the malicious program to be executed. Therefore, it is hard for a common user to become aware of an attack against the program, and the attack detrimentally affects the corresponding system.
Although many conventional methods have been tried to prevent the execution of malicious processes, most of them may be effective only when the malicious processes are executed by supporting specific macro modes.