Abstract
PROBLEM TO BE SOLVED: To efficiently identify the content of communication performed by malware without actually running the malware. SOLUTION: A malware communication analyzer stores, in association with each other, a signature describing a characteristic of communication performed by malware, key extraction information describing a method for extracting a cipher key from a communication packet, and decryption function information, which is information on a decryption function used by the malware. It analyzes a communication packet to generate packet analysis data in which the result of the analysis is stored; compares the packet analysis data with a signature to determine whether the two match; extracts a cipher key from the packet analysis data by using the key extraction information associated with the signature when a match is determined; and decrypts the cipher text of the packet analysis data by using the cipher key and decryption function information corresponding to the si
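The association the abstract describes (signature, key extraction information, decryption function) can be modelled as one rule record applied to parsed packet data; the following is an added example, not code from the patent. The HTTP-style framing, the `/gate` path, the `X-Session` header carrying a hex key, the repeating-key XOR cipher and all names are assumptions made for illustration, and the sample packet is constructed.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Callable, Optional, Tuple

def xor_decrypt(key: bytes, data: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

@dataclass
class Rule:
    name: str
    signature: Callable[[dict], bool]          # characteristic of the traffic
    extract_key: Callable[[dict], bytes]       # key extraction information
    decrypt: Callable[[bytes, bytes], bytes]   # decryption function information

def analyze_packet(raw: bytes) -> dict:  # builds the "packet analysis data"
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)   # ValueError if not a request line
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (ln.partition(":") for ln in lines[1:])}
    return {"method": method, "path": path, "headers": headers, "body": body}

# Hypothetical rule: the three stored items, kept together as one record.
RULES = [Rule(
    name="example-family",
    signature=lambda p: p["path"] == "/gate" and "x-session" in p["headers"],
    extract_key=lambda p: bytes.fromhex(p["headers"]["x-session"]),
    decrypt=xor_decrypt,  # assumed cipher (repeating-key XOR); the abstract names none
)]

def decode(raw: bytes) -> Optional[Tuple[str, bytes]]:
    try:
        data = analyze_packet(raw)
    except ValueError:              # payload is not HTTP-style
        return None
    for rule in RULES:
        if not rule.signature(data):
            continue
        try:
            key = rule.extract_key(data)
        except ValueError:          # signature matched but key field is malformed
            continue
        if key:
            return rule.name, rule.decrypt(key, data["body"])
    return None

# Constructed sample packet (not taken from any real malware family).
SAMPLE = (b"POST /gate HTTP/1.1\r\nHost: c2.example\r\nX-Session: 4b3179\r\n\r\n"
          + xor_decrypt(bytes.fromhex("4b3179"), b"id=42&cmd=report"))
```

`decode(SAMPLE)` returns the rule name and the recovered plaintext; traffic that matches no signature, or whose key field cannot be parsed, yields `None`.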