• DocumentCode
    1890852
  • Title

    Detection of Unknown Malicious Codes Based on Group File Characteristics

  • Author

    Seo, InSeog ; Kim, InJung ; Yoon, JangHong ; Ryou, Jaecheol

  • Author_Institution
    Manage. Planning Div., Nat. Security Res. Inst., Daejeon, South Korea
  • fYear
    2010
  • fDate
    16-18 Dec. 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Malicious codes cause system failures by altering system files on computers or secretly placing Trojan horses within a system, which after a certain period of time steal/destroy key information on a computer or create mass packets. Such malicious codes approach computers by avoiding information protection systems (intrusion blocking/detection systems) that execute defences based on known information. Even if a vaccine program is in operation, the detection and elimination of malicious codes disguised as a patch (update file) and those not recognized by the vaccine program are impossible. Based on the fact that security programs, such as security patches, are applied to a network consisting of multiple computers and those computers on such a network have almost identical file characteristics and structures, this research presents ways to detect and prevent network data theft, computer damage and other network vulnerabilities in advance by isolating executable files infected by malicious codes based on identified group file characteristics.
  • Keywords
    computer network security; file organisation; invasive software; Trojan horses; group file characteristic; information protection system; intrusion blocking system; intrusion detection system; malicious code detection; network vulnerabilities; security patches; vaccine program; Computer crime; Computers; Intrusion detection; Servers; Software; Vaccines;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Ubiquitous Information Technologies and Applications (CUTE), 2010 Proceedings of the 5th International Conference on
  • Conference_Location
    Sanya
  • ISSN
    1976-0035
  • Print_ISBN
    978-1-4244-8813-1
  • Type

    conf

  • DOI
    10.1109/ICUT.2010.5677901
  • Filename
    5677901