摘要 |
PROBLEM TO BE SOLVED: To prevent a malignant code from being executed using the vulnerable point of a program.SOLUTION: An aggression detection device using the vulnerable point of a program includes: a hooking processing unit 41 that hooks a function to temporarily suspend execution of a process when the process is executed so as to perform a particular action in the process and a particular function is invoked; an information collection unit 42 that checks the call stack of a hooked function by the hooking processing unit 41 to collect and output call stack return address information; and an information determination unit 43 that detects a malignant action by analyzing the call stack return address information output from the information collection unit 42 to prevent a malignant code from being executed. Code execution or malignant access in the whole region of a memory is detected and execution of the malignant code is prevented. |