INFORMATION PROCESSING DEVICE, ILLICIT ACTIVITY DETERMINATION METHOD, ILLICIT ACTIVITY DETERMINATION PROGRAM, INFORMATION PROCESSING DEVICE, ACTIVITY DETERMINATION METHOD, AND ACTIVITY DETERMINATION PROGRAM

摘要

A problem to be solved by the present invention is to reduce false positives and false negatives in malware detection. Provided is an information processing device (20), comprising: a comparison unit (251) which compares communications from terminals which are connected to a network with pre-retained patterns; a determination unit (254) which, according to the result of the comparison, determines evaluation values which signify the degree to which it is presumed that the terminals are acting illicitly and illicit activity phases; a retaining unit (255) which retains maximum evaluation values for each phase for each terminal; and an assessment unit (257) which assesses whether the terminals are carrying out the illicit activities on the basis of the maximum evaluation values for each phase.