PARA'04 State-of-the-Art
in Scientific Computing
June 20-23, 2004

Updated: 5 March 2004

The System Modeling for Detections of New Malicious Codes

Eunyoung Kim
National Security Research Institute
email: eykim@etri.re.kr

Attacks on important servers using malicious code and backdoors have recently become frequent. Such malicious code carries out various hacking actions without the user's permission. However, new malicious code cannot be detected until the virus DB has been updated. In this paper we therefore propose a new method for detecting newly running malicious code through real-time system monitoring. The detection method is based on a weighted policy approach. Our system is installed in the user area and uses real-time system monitoring to detect malicious code when a backdoor runs on the user's system. It combines two detection methods. First, known malicious code is detected using the malicious code DB; this method is similar to pattern matching. Second, when unknown malicious code has invaded the user's system, detection is attempted using the malicious code detection policy.
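The two-stage flow described in the abstract, as an added example that is not the author's system: a DB lookup for known code, then a weighted policy score over monitored behaviour for unknown code. The policy names, weights, threshold and event format are assumptions, and all sample data is constructed.

```python
import hashlib
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Stage 1: malicious code DB (constructed entry, not a real indicator).
MALWARE_DB = {sha256(b"constructed-known-backdoor-image")}

# Stage 2: detection policies and weights (hypothetical names and values).
POLICY_WEIGHTS = {
    "opens_listening_port": 3,
    "writes_autostart_entry": 3,
    "hides_process": 4,
    "modifies_system_binary": 4,
    "outbound_connection": 1,
}
ALERT_THRESHOLD = 7  # assumed score at which unknown code is flagged


def detect(events):
    """events: iterable of (pid, image_digest, behaviour) from a monitor.
    Returns {pid: (verdict, score, matched_policies)}."""
    digests, seen = {}, defaultdict(set)
    for pid, digest, behaviour in events:
        digests[pid] = digest
        if behaviour in POLICY_WEIGHTS:
            seen[pid].add(behaviour)  # each policy counts once per process
    results = {}
    for pid, digest in digests.items():
        if digest in MALWARE_DB:  # known code: pattern match wins
            results[pid] = ("known", None, [])
            continue
        matched = sorted(seen[pid])
        score = sum(POLICY_WEIGHTS[p] for p in matched)
        verdict = "suspected" if score >= ALERT_THRESHOLD else "clean"
        results[pid] = (verdict, score, matched)
    return results


# Constructed monitor events for three processes.
UNKNOWN = sha256(b"constructed-unknown-image")
SAMPLE_EVENTS = [
    (101, sha256(b"constructed-known-backdoor-image"), "outbound_connection"),
    (202, UNKNOWN, "opens_listening_port"),
    (202, UNKNOWN, "opens_listening_port"),  # repeat must not inflate score
    (202, UNKNOWN, "hides_process"),
    (303, sha256(b"constructed-editor-image"), "outbound_connection"),
]
```

Counting each policy once per process keeps a chatty but benign program from crossing the threshold on a single low-weight behaviour.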
