DEVICE, SYSTEM, METHOD, AND COMPUTER PROGRAM FOR INFERRING ATTACKER GROUP
Assignee
S2W INC.
Inventors
Jae Ki KIM, Hyung Suk KIM, Seung Hoe KIM
Abstract
Provided are a device, system, method, and computer program for inferring an attacker group by analyzing malicious code. The system includes: a sandbox pool manager configured to allocate analysis target files for inferring an attacker group to one or more nodes and, by controlling each node, execute the analysis target files separately in separate malicious code analysis environments; an event manager configured to determine in real time, on the basis of running state information of each node, whether all events related to the analysis target files have been collected, and to collect the events that are recorded in the malicious code analysis environments of each of the nodes and are related to the analysis target files; an attacker group inference part configured to infer an attacker group by analyzing the collected events; and an analysis result provider configured to provide information on the inferred attacker group.
Filing Date
2024-11-27
Application No.
18961974