With the rapid growth of network infrastructure, malware code also spreads rapidly. It is therefore becoming more difficult to detect or cope with malware code, which serves as the base unit of a cyber-attack.
According to the related art, methods for detecting malware code include a static analysis method, which analyzes the source code of an executable file, and a dynamic analysis method, which uses behavior or system information observed when the malware code is executed.
In the case of the static analysis method, a hacker can make static analysis of malware code impossible by using techniques that compress, pack, and encrypt the executable file.
In the case of the dynamic analysis method, a signature is generated by constructing a specific conditional expression, either from statistical data or from whether information corresponding to a specific behavior is present. This method can allow accurate detection. However, it has difficulty detecting metamorphic or unknown malware code.