Abstract
PROBLEM TO BE SOLVED: To accurately detect latent-type malware.

SOLUTION: A command type detecting part 121 detects nodes that have received packets from a threshold number of nodes or more as command type server candidates of malware. The command type detecting part 121 then detects nodes that have transmitted packets to the command type server candidate nodes as first candidates of an infected node. An infection activity detecting part 122 detects nodes that have transmitted packets to the threshold number of nodes or more as second candidates of the infected node. A specifying part 130 specifies, as the node infected with malware, any node included in both the first candidates detected by the command type detecting part 121 and the second candidates detected by the infection activity detecting part 122.

COPYRIGHT: (C)2009,JPO&INPIT
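
The detection logic described in the abstract, as an added Python example that is not code from the patent: it counts distinct peers per node over flow records and intersects the two candidate sets. The `(source, destination)` record format, the function name `detect_infected`, the use of two separately tunable thresholds and all sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (source, destination); not real traffic.
FLOWS = [
    ("10.0.0.1", "203.0.113.5"),   # three internal hosts contact one server
    ("10.0.0.2", "203.0.113.5"),
    ("10.0.0.2", "203.0.113.5"),   # repeated packets count as one peer
    ("10.0.0.3", "203.0.113.5"),
    ("10.0.0.1", "10.0.0.10"),     # 10.0.0.1 also fans out to many nodes
    ("10.0.0.1", "10.0.0.11"),
    ("10.0.0.1", "10.0.0.12"),
    ("10.0.0.9", "10.0.0.10"),     # 10.0.0.9 fans out but never contacts
    ("10.0.0.9", "10.0.0.11"),     # the server candidate
    ("10.0.0.9", "10.0.0.12"),
]


def detect_infected(flows, fan_in_threshold, fan_out_threshold):
    """Return the candidate sets and their intersection for a flow list."""
    senders_of = defaultdict(set)    # destination -> distinct sources
    receivers_of = defaultdict(set)  # source -> distinct destinations
    for src, dst in flows:
        if src == dst:
            continue                 # ignore self-addressed records
        senders_of[dst].add(src)
        receivers_of[src].add(dst)

    # Command type detection (part 121): nodes reached by many distinct
    # senders become server candidates; their senders are first candidates.
    servers = {n for n, s in senders_of.items() if len(s) >= fan_in_threshold}
    first = set()
    for server in servers:
        first |= senders_of[server]

    # Infection activity detection (part 122): nodes that sent packets to
    # many distinct destinations are second candidates.
    second = {n for n, d in receivers_of.items() if len(d) >= fan_out_threshold}

    # Specifying step (part 130): a node must appear in both candidate sets.
    return {
        "server_candidates": servers,
        "first_candidates": first,
        "second_candidates": second,
        "infected": first & second,
    }


if __name__ == "__main__":
    for name, nodes in detect_infected(FLOWS, 3, 3).items():
        print(name, sorted(nodes))
```

In the sample data, 10.0.0.2 and 10.0.0.3 contact the server candidate without fanning out, and 10.0.0.9 fans out without contacting it, so only 10.0.0.1 survives the intersection.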