摘要 |
PROBLEM TO BE SOLVED: To provide a fraudulence detection device, program, and a recording medium capable of detecting fraudulent communication by computer virus. SOLUTION: For each block constituting a first IP address and a second IP address indicating the relation of signal transmission and reception concerning an fraudulent communication by computer virus, an information entropy value calculation part 103 calculates the first value to represent the degree of dispersion of the address value having appeared. Another information entropy value calculation part 107 calculates the second value to represent the degree of dispersion of the address value having appeared for each block constituting a third IP address and a fourth IP address indicating the relation of signal transmission and reception concerning the communication of the object to be analyzed. An fraudulence detection part 109 determines the similarity of illegal communication and the communication of the object to be analyzed on the basis of the first and second values of each block, and if the similarity is high, determines that an fraudulence is committed. COPYRIGHT: (C)2009,JPO&INPIT |