Abstract

PROBLEM TO BE SOLVED: To provide an application determination system and program for determining whether or not an application under consideration is unauthorized, based on a log in which the behavior of an application is recorded.

SOLUTION: A process ID extraction section 20a extracts, from an application log, the identification information of a process associated with the identification information of a specific application. A kernel log extraction section 20b extracts from a kernel log the part having the identification information of the process extracted by the process ID extraction section 20a. A file operation content extraction section 20c extracts, from the part extracted by the kernel log extraction section 20b, the execution content of a system call associated with the identification information of a system call relating to a file operation. A determination section 20d determines whether or not the execution content of the system call extracted by the file operation content extraction section 20c shows an operation to a specific directory.

COPYRIGHT: (C)2012, JPO&INPIT
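The four steps of the SOLUTION (sections 20a to 20d), written out in Python as an added example that is not part of the patent. The log line formats, the application names, the set of file-operation system calls and the watched directory `/system` are assumptions, since the abstract specifies none of them; the logs are constructed sample data.

```python
import re
from posixpath import normpath

# Constructed sample logs; both line formats are assumptions, not from the abstract.
APP_LOG = """\
app=com.example.notes pid=1412 event=start
app=com.example.flashlight pid=1450 event=start
app=com.example.flashlight pid=1466 event=start
"""
KERNEL_LOG = """\
[ 101.20] pid=1412 syscall=open args="/data/data/com.example.notes/files/a.txt" ret=3
[ 101.31] pid=1450 syscall=open args="/sdcard/../system/bin/x" ret=-13
[ 101.35] pid=1450 syscall=getpid args="" ret=1450
[ 101.40] pid=1466 syscall=unlink args="/data/data/com.example.flashlight/cache/t" ret=0
[ 101.52] pid=1466 syscall=rename args="/data/local/tmp/x","/system/app/x.apk" ret=-30
[ 101.60] pid=14500 syscall=open args="/system/etc/hosts" ret=3
"""
FILE_SYSCALLS = {"open", "openat", "creat", "unlink", "rename", "mkdir", "chmod"}  # assumed set

def pids_for_app(app_log, app_id):
    """20a: every process ID the application log associates with app_id."""
    pat = re.compile(r"app=(\S+) pid=(\d+)")
    return {int(p) for name, p in pat.findall(app_log) if name == app_id}

def kernel_records(kernel_log, pids):
    """20b: kernel-log records whose pid equals one of pids (exact, not a prefix match)."""
    pat = re.compile(r"pid=(\d+) syscall=(\w+) args=(.*) ret=(-?\d+)")
    for line in kernel_log.splitlines():
        m = pat.search(line)
        if m and int(m.group(1)) in pids:
            yield int(m.group(1)), m.group(2), re.findall(r'"([^"]*)"', m.group(3))

def file_operations(records):
    """20c: keep only system calls that are file operations, with their path arguments."""
    return [(pid, sc, paths) for pid, sc, paths in records if sc in FILE_SYSCALLS]

def touches_directory(ops, watched):
    """20d: operations whose path, after lexical normalisation, lies under a watched directory."""
    hits = []
    for pid, sc, paths in ops:
        for p in paths:
            n = normpath(p)  # collapses "..", does not resolve symlinks
            if any(n == d or n.startswith(d.rstrip("/") + "/") for d in watched):
                hits.append((pid, sc, n))
    return hits

def suspicious_operations(app_id, app_log=APP_LOG, kernel_log=KERNEL_LOG, watched=("/system",)):
    pids = pids_for_app(app_log, app_id)
    return touches_directory(file_operations(kernel_records(kernel_log, pids)), watched)
```

A non-empty result from `suspicious_operations` corresponds to the determination section 20d finding an operation on the specific directory; failed calls (negative `ret`) are kept because the attempt itself is recorded behavior.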