The wide variety of hacker attack spectrum means that the range of APT attacks will vary. However, polymorphism of scope and penetration method also means that more than 90% of the attacks use unknown malicious code. In other words, the actions after the infiltration are to take full control of the system, monitor the activity of the system for a long time, and take actions that steal user's useful information. In this study, we use the detection result as metadata, which is a core element of intelligent cyber attack, using the framework for the steady detection of unknown malicious codes, and the result is various factors for generating attack profile of hacker in SIEM As a meaningful identifier, to detect potential hacker attacks more intelligently. The results of the study also show that the system was developed and verified as real data in a commercial environment. In addition, the research contents proposed in this paper are expected to be more practical as the accumulation of large amounts of data as they operate directly in a commercial environment without remaining in the effectiveness test.