SYSTEM FOR PREVENTING MBR ATTACK USING A CONTROL LIST IN A KERNEL LEVEL AND A COMPUTER READABLE RECORDING MEDIUM RECORDING THE SAME, CAPABLE OF COLLECTING MBR CHANGING INFORMATION EVEN IF A SUSPICIOUS PROCESS DOES NOT CHANGE MBR

Abstract

PURPOSE: A system for preventing MBR (Master Boot Record) attacks using a control list at the kernel level, and a computer-readable recording medium recording the same, are provided to virtually record MBR change information even if a suspicious process does not change the MBR, thereby accurately analyzing in advance whether every suspicious process, including hidden processes, is malicious or not.

CONSTITUTION: A system call hooking controller (310) hooks a system call which requests a change of the MBR (Master Boot Record) in an OS (Operating System). A control list manager (320) stores a control list including an allowance and denial list. A virtually changing unit (350) records MBR modification information to a virtually changing storage according to the MBR modification information of the system call. A malicious process determiner (340) determines allowance or denial of the hooked system call based on the control list.

COPYRIGHT KIPO 2010