1. Field of the Invention
Methods and apparatuses consistent with the present invention relate to intrusion code detection, and more particularly, to establishing an individual feature for each computer, and detecting whether data corresponds to an intrusion code using a differentiated immune database.
2. Description of Related Art
As wired/wireless communication using computers has developed, malicious codes such as viruses, worms, Trojan horses, spam, hacking tools, and the like have become widespread, requiring technologies for preventing and detecting the spread of these malicious codes.
A related art technology of detecting a malicious code stores signatures corresponding to malicious codes in a database, and detects a malicious code included in data by detecting, in the data, a signature stored in the database.
However, the related art technology of detecting the malicious code cannot detect all existing malicious codes. Consequently, when a new type or a variant of a malicious code is distributed to a plurality of computers, the malicious code is either uniformly detected by the computers or uniformly infects the computers.
Specifically, when a computer is infected by the distributed malicious code, and the malicious code infecting the computer is distributed to a second computer, the second computer is also infected. Accordingly, all computers coming into contact with the malicious code are identically infected. On the other hand, if the malicious code can be detected in a particular computer, the malicious code can be detected in all computers.
As described above, because the database used to detect the malicious code is configured identically in all computers, the related art technology of detecting the malicious code has the following problem: when a detectable malicious code is encountered, it is detected identically in all computers, and when an undetectable malicious code is encountered, all computers are identically infected.
Accordingly, an apparatus is required that can prevent uniform detection of a malicious code and uniform infection by the malicious code, and that has tolerance to the malicious code in a part of the system.