1. Field of the Invention
The present invention relates to network security technology, and more particularly, to an apparatus and method for verifying a signature by detecting whether executable code that can be used for an attack is present in network data.
2. Description of the Related Art
In the field of network security, when an attack signature is automatically extracted in order to block network data suspected of being an attack, many false positives occur at a low extraction threshold and many false negatives occur at a high extraction threshold.
From the standpoint of a security system that must prevent attacks, false negatives, at the least, should not occur. Accordingly, apparatuses for detecting or preventing attacks should be developed in the direction of lowering the threshold for extracting an attack signature. In this case, the occurrence of many false positives is unavoidable.
To reduce these false positives, the extracted signature and the suspicious network data from which the signature was formed must be additionally verified. FIG. 1 is a graph illustrating a result of the verification, from which it can be seen that a reliable signature can be selected via the verification.
In general network services, executable code is hardly ever transmitted. Accordingly, when executable code is present in network data, it means that attack code is being transmitted.
In the verification, a signature extracted to block network data suspected of being an attack is verified by determining whether executable code is present, thereby increasing the reliability of the signature.
To perform the verification, it is necessary to detect whether executable code is present in suspicious network data in a central processing unit. However, no related technology has been provided.