摘要 |
<p>PROBLEM TO BE SOLVED: To detect an attack on a terminal by using another terminal infected with remotely operated malware, as a springboard.SOLUTION: A detection device stores external communication data including a transmission source and transmission destination addresses in a storage unit, when acquiring communication data from communication originated from the outside of a predetermined range; extracts external communication data whose transmission destination address is a transmission source address of communication data from the storage unit when the communication data is to the inside of the predetermined range and corresponds to service start, and stores service start data including a transmission destination address of the communication data in association with the external communication data in the storage unit; and notifies a user of attack detection in the case that service start data whose transmission destination address is a transmission source address of communication data is stored in the storage unit and a transmission destination address of the communication data agrees with a transmission source address included in an external communication data associated with the service start data, when the communication data corresponds to communication to the outside of the predetermined range.</p> |