Abstract: Provided are a malicious code diagnosing system and a method of diagnosing malicious codes. According to embodiments of the present disclosure, a malicious code diagnosing operation is performed only on files that are likely to be infected by malicious codes by utilizing file change log information recorded in a file system. Accordingly, malicious code diagnosing operation can be performed more quickly and reliably than conventional diagnosing method.

Abstract: Disclosed are a computer system, a signature verification server, a method of supporting signature verification by a computer system, and a method of verifying signature.

Abstract: Provided are a malicious code diagnosing system and a method of diagnosing malicious codes. According to embodiments of the present disclosure, a malicious code diagnosing operation is performed only on files that are likely to be infected by malicious codes by utilizing file change log information recorded in a file system. Accordingly, malicious code diagnosing operation can be performed more quickly and reliably than conventional diagnosing method.

Abstract: A method for detecting whether a file includes malware is performed on a device. The method includes extracting information of at least two predetermined items in the file; creating a genetic map for the file by altering the extracted information into a previously set format; comparing the created genetic map with a previously stored malware genetic map to obtain a similarity between the created genetic map and the previously stored malware genetic map; and determining that the file is a malware when the similarity is higher than a reference value.

Abstract: An apparatus for detecting a malware in files includes an acquisition unit configured to obtain from a file system information about a first time point when an interested folder is created by the file system, and information about a second time point when an interested file is created in the interested folder by the file system, a candidate determination unit configured to determine whether the interested file is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point, and an inspection unit configured to perform the malware inspection on the interested file determined to be the candidate file for the malware inspection.

Abstract: Disclosed are a computer system, a signature verification server, a method of supporting signature verification by a computer system, and a method of verifying signature.

Abstract: A method for detecting whether a file includes malware is performed on a device. The method includes extracting information of at least two predetermined items in the file; creating a genetic map for the file by altering the extracted information into a previously set format; comparing the created genetic map with a previously stored malware genetic map to obtain a similarity between the created genetic map and the previously stored malware genetic map; and determining that the file is a malware when the similarity is higher than a reference value.

Abstract: An apparatus for detecting a malware in files includes an acquisition unit configured to obtain from a file system information about a first time point when an interested folder is created by the file system, and information about a second time point when an interested file is created in the interested folder by the file system, a candidate determination unit configured to determine whether the interested file is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point, and an inspection unit configured to perform the malware inspection on the interested file determined to be the candidate file for the malware inspection.

Abstract: The present invention relates to a system for providing a normal file database, including a database server in which a normal file database constructed for different operating systems is stored, and a file providing server for searching a normal file database corresponding to operating system information on the basis of the operating system information of a terminal installed with an antivirus program through the database server, and providing the searched normal file database to a terminal through a communication network. As described above, the present invention creates a normal file database in a state where no intrusion by external sources such as viruses or malicious code has occurred, and provides the created database to a terminal through a communication network, thus improving the reliability of the normal file database.