DEVICE AND METHOD FOR CLASSIFYING MALICIOUS CODES MODIFIED ACCORDING TO API LEVEL OF OPERATING SYSTEM, AND RECORDING MEDIUM HAVING PROGRAM FOR PERFORMING SAME RECORDED THEREON

Bibliographic details
Main authors: NGUYEN, Vu Long, SHIM, Hyunseok, JUNG, Souhwan
Format: Patent
Language: eng ; fre ; kor
Description
Summary: Provided is a method for classifying malicious codes, the method comprising the steps of: collecting system function information; generating API classification information by classifying the API level; extracting reference operation information according to the target API level of an application; extracting, for the application, information about a modification operation operating at a different API level; and classifying malicious codes according to the operation information.