Abstract
PROBLEM TO BE SOLVED: To detect the presence of a malware-infected terminal in a network.

SOLUTION: Normal internal communication, defined between an internal terminal and another internal terminal in an internal network, and normal external communication, defined between an internal terminal and an external terminal connected to an external network, are pre-stored in a storage device. A malware detection device obtains communication information about an internal terminal from a network connection device and, referring to the normal internal communication and the normal external communication, extracts from that information and stores in the storage device two kinds of communication: abnormal internal communication (between an internal terminal and another internal terminal, not defined as normal) and abnormal external communication (between an internal terminal and an external terminal, not defined as normal). An internal terminal is detected as a suspicious terminal based on the number of times the stored abnormal external communication was performed within a predetermined period. The presence of an internal terminal infected with malware in the internal network is detected based on the number of occurrences of the stored abnormal internal communication between a suspicious terminal and another suspicious terminal.

COPYRIGHT: (C)2012, JPO&INPIT
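The two-stage logic of the abstract, sketched as an added example (not code from the patent). The address ranges, the 60-second period, both count thresholds, and the reading of "within a predetermined period" as a sliding window are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
# Assumed values: the abstract fixes neither the period nor the counts.
INTERNAL_NET = ip_network("10.0.0.0/24")
PERIOD = 60          # seconds
EXT_THRESHOLD = 3    # abnormal external communications within PERIOD
INT_THRESHOLD = 2    # abnormal internal communications between suspects
# Pre-stored normal communication as (source, destination) pairs (constructed).
NORMAL_INTERNAL = {(f"10.0.0.{h}", "10.0.0.2") for h in (5, 6, 7)}
NORMAL_EXTERNAL = {(f"10.0.0.{h}", "198.51.100.10") for h in (5, 6, 7)}

def split_abnormal(flows):
    """Return (abnormal_internal, abnormal_external): flows matching no normal definition."""
    abn_int, abn_ext = [], []
    for ts, src, dst in flows:
        if ip_address(src) not in INTERNAL_NET:
            continue  # only communication by internal terminals is evaluated
        if ip_address(dst) in INTERNAL_NET:
            if (src, dst) not in NORMAL_INTERNAL:
                abn_int.append((ts, src, dst))
        elif (src, dst) not in NORMAL_EXTERNAL:
            abn_ext.append((ts, src, dst))
    return abn_int, abn_ext

def suspicious_terminals(abn_ext):
    """Terminals with EXT_THRESHOLD abnormal external communications inside one PERIOD."""
    times = defaultdict(list)
    for ts, src, _ in sorted(abn_ext):  # time order, so each list is sorted
        times[src].append(ts)
    return {src for src, s in times.items()
            if any(b - a <= PERIOD for a, b in zip(s, s[EXT_THRESHOLD - 1:]))}

def detect(flows):
    abn_int, abn_ext = split_abnormal(flows)
    suspects = suspicious_terminals(abn_ext)
    # Count only abnormal internal communication where both ends are suspicious.
    hits = sum(1 for _, s, d in abn_int if s in suspects and d in suspects)
    return suspects, hits >= INT_THRESHOLD

# Constructed sample flows: (timestamp in seconds, source, destination).
SAMPLE_FLOWS = (
    [(t, "10.0.0.5", "203.0.113.9") for t in (0, 10, 20)]
    + [(t, "10.0.0.6", "203.0.113.9") for t in (5, 15, 30)]
    + [(t, "10.0.0.7", "203.0.113.50") for t in (0, 100, 200)]  # too spread out
    + [(40, "10.0.0.5", "10.0.0.6"), (45, "10.0.0.6", "10.0.0.5"),
       (50, "10.0.0.7", "10.0.0.5"), (55, "10.0.0.5", "10.0.0.2")]
)
```

Terminal 10.0.0.7 makes three abnormal external connections but not within one period, so it is never marked suspicious and its abnormal internal connection to 10.0.0.5 does not count toward the infection decision.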