1. Technical Field
The present invention relates generally to a mobile terminal having security diagnosis functionality and a method of making a diagnosis on the security of the mobile terminal and, more particularly, to a mobile terminal having security diagnosis functionality and a method of making a diagnosis on the security of the mobile terminal, which enable abnormalities attributable to unknown malware to be detected early on in a mobile terminal.
2. Description of the Related Art
In general, a variety of mobile anti-viruses capable of detecting malware are used to make diagnoses on the security of mobile terminals. Such mobile anti-viruses detect malware using corresponding malicious patterns that are obtained by the analysis of the malware by anti-virus solution companies.
In addition to the pattern-based malware detection method, malware detection methods using behavioral analysis are being proposed. Most of the methods use a method of moving the data of a mobile terminal to a Personal Computer (PC) or a desktop computer and then detecting abnormal behavior.
A method of installing a virtual environment in a PC and analyzing behavior provides a powerful analysis method, but is disadvantageous in that behavioral analysis is difficult for the user of a mobile terminal to carry out. A method of synchronizing a mobile terminal with a PC and detecting the abnormality of the mobile terminal using the PC is problematic in that it is difficult to detect malware before a connection to the PC is established.
Meanwhile, Korean Patent No. 0878895 discloses a configuration that detects malware via the cooperation between a malware processing system installed in a mobile terminal and a separate central processing center managed via a base station. Here, the malware processing system installed in the mobile terminal continuously monitors digital data input to the mobile terminal, like a typical anti-virus, and identifies malware on a signature basis.
In the configuration, the malware processing system is configured to connect with a server in real time and monitor all values input to a mobile terminal in real time. Accordingly, the configuration is disadvantageous in that overhead may occur on the mobile terminal and it is impossible to detect malware when the connection with the server is released.