Abstract
PROBLEM TO BE SOLVED: To generate a software detection rule (malware detection rule) enabling high-accuracy detection of malware.

SOLUTION: A software detection rule generation device 1 comprises: a single log/file extraction part 11 for extracting a single behavior log or configuration file from behavior logs or configuration files constituting malware; a character string extraction part 12 for, with respect to two or more different conditions, extracting a character string corresponding to a predetermined condition from the single behavior log or configuration file extracted by the single log/file extraction part 11; and a rule generation part 13 for generating a malware detection rule including a requirement that a specific character string appears in accordance with the condition, with respect to the two or more different conditions, on the basis of the character string extracted by the character string extraction part 12.

COPYRIGHT: (C)2013, JPO&INPIT