Apparatus for detecting intrusion code and method using the same

A device and a method for detecting an intrusion code are provided to generate a customized immune database capable of determining the intrusion code, prevent damage caused by new or mutated malicious codes with the customized immune database, and obtain a diagnostic for the new or mutated malicious codes from a system having immunity to the new or mutated malicious codes. A setting value input unit(110) receives setting values customized to each group. An immune database generator(120) generates an immune database(140) based on the setting values. An intrusion code determiner(130) determines whether input data is an intrusion code based on the immune database. The setting value input unit receives a group feature key, a resident code list, and a random pool generation factor. The immune database generator includes a feature extractor extracting features of resident codes by using the group feature key, a pool feature generator generating random pool features based on the group feature key and the random pool generation factor, a similarity calculator calculating similarity between the features of the resident codes and the random pools, and an immune database generation manager generating the immune database from the features having the similarity under a threshold.