Abstract
PROBLEM TO BE SOLVED: To facilitate detection and analysis of an attack by a document that includes attack code.

SOLUTION: A taint tag is set on the document file in advance. When the document file operation program passes data carrying the taint tag to an instruction executed on a virtual CPU, the taint tag is propagated to the result of that instruction. It is then determined whether the tag held by an instruction about to be executed by the virtual CPU is one that was set on the document; if it is, execution of an attack by the document file is detected. After the attack is detected, instructions that carry the tag set on the document file become the analysis targets.
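
The mechanism described above, sketched as an added example (not code from the patent): a toy virtual CPU with shadow taint tags that flags any fetched instruction whose bytes carry the document's tag. The instruction set, memory addresses, DOC_TAG value and the viewer program are all assumptions constructed for illustration.

```python
# Added illustration: toy virtual CPU with one shadow taint tag per memory cell/register.
HALT, LOAD, STORE, ADD, JMP = range(5)   # hypothetical 3-byte instructions: op, a, b
DOC_TAG = 1                              # hypothetical tag for bytes read from the document

class TaintVM:
    def __init__(self, size=64):
        self.mem, self.tag = [0] * size, [0] * size   # memory and its shadow tags
        self.reg, self.rtag = [0, 0], [0, 0]          # registers and their tags
        self.flagged = []                             # tainted instruction addresses

    def load(self, addr, data, tag=0):
        for i, byte in enumerate(data):
            self.mem[addr + i], self.tag[addr + i] = byte, tag

    def run(self, pc=0, max_steps=100):
        for _ in range(max_steps):
            op, a, b = self.mem[pc:pc + 3]
            # Detection: the instruction about to execute carries the document's tag.
            if DOC_TAG in self.tag[pc:pc + 3]:
                self.flagged.append(pc)               # becomes an analysis target
            if op == HALT:
                break
            if op == JMP:
                pc = a
                continue
            if op == LOAD:                            # tag follows data into the register
                self.reg[a], self.rtag[a] = self.mem[b], self.tag[b]
            elif op == STORE:                         # tag follows data back to memory
                self.mem[b], self.tag[b] = self.reg[a], self.rtag[a]
            elif op == ADD:                           # result inherits both operand tags
                self.reg[a] += self.reg[b]
                self.rtag[a] |= self.rtag[b]
            pc += 3
        return self.flagged

def viewer(src, dst, n, faulty):
    """Constructed 'document operation program': copies n document bytes, then either
    halts (normal) or jumps into the copy (stand-in for a control-flow bug)."""
    prog = []
    for i in range(n):
        prog += [LOAD, 0, src + i, STORE, 0, dst + i]
    return prog + ([JMP, dst, 0] if faulty else [HALT, 0, 0])

def analyse(faulty):
    vm = TaintVM()
    document = [ADD, 0, 0, HALT, 0, 0]                # constructed document bytes
    vm.load(40, document, tag=DOC_TAG)                # taint tag set on the document
    vm.load(0, viewer(40, 50, len(document), faulty)) # program itself is untagged
    return vm.run(), vm.tag[50:56]
```

In both runs the tag follows the document bytes into the copy at addresses 50 to 55, but only the run that transfers control into that copy produces flagged instruction addresses.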