摘要 |
PROBLEM TO BE SOLVED: To dynamically analyze a large number of malware with limited computer resources.SOLUTION: A monitoring device performs time-division dynamic analysis to malware, and records an operation record of the malware. The monitoring device refers to the operation record, and determines the malware to be subjected to consecutive dynamic analysis when the malware establishes communication with any host on a network within a predetermined period. Upon determination that the malware has not established communication with any host on the network within the predetermined period, the malware is determined to be subjected to the time-division dynamic analysis. |