摘要 |
<p><P>PROBLEM TO BE SOLVED: To quickly detect a malware-infected terminal. <P>SOLUTION: A malware-infected terminal detection apparatus identifies a communication protocol in network communication and a port number used for the network communication. When malware is operated, the malware-infected terminal detection apparatus acquires a communication protocol of communication with which the malware is associated and a port number used for the communication with which the malware is associated from a storage unit. Then, the malware-infected terminal detection apparatus detects the fact that the terminal performing network communication is infected with malware, when the identified port number is not a Well-Known port corresponding to the communication protocol and the identified communication protocol and port number are matched with the acquired communication protocol and port number. <P>COPYRIGHT: (C)2013,JPO&INPIT</p> |