Abstract: A security management system for a remote working environment, a computer program therefor, and a method therefor are provided. The security management system monitors and tracks a behavior of an endpoint in real time after execution of a process or a network access time point. Furthermore, the security management system monitors, in real time, a behavior at the operating system level on the endpoint to which the security policy is not applied, to detect a behavior which threatens the security management system, and controls the endpoint. Furthermore, the security management system corrects and manages the security policy in real time in response to a request for exception application of a predetermined security policy, to flexibly perform security management of the endpoint.
Abstract: A method for compressing a behavior event and a computer device therefor are provided. The method for compressing the behavior event includes generating, by a processor of the computer, an event block on the basis of an event target when the behavior event occurs; updating, by the processor, the event block with input/output (I/O) information while the behavior event occurs; and storing, by the processor, the event block when the behavior event has ended.
Abstract: A malware detection method for preventing execution of malware, a method for detecting a domain generation algorithm, and a computer device therefor are provided. The malware detection method includes monitoring, by a processor of a computer, domain name system (DNS) query requests for all processes and replies to the query requests; counting, by the processor, the number of failed DNS query requests per unit process; and determining, by the processor, malware.