Abstract: A computer-readable recording medium having recorded a worm determination program capable of reliably determining a worm-infected communication. A worm determination apparatus for executing the program includes a plurality of physical ports functioning as network connection ports, a communication-information-acquisition unit, and a worm determination unit. The communication-information-acquisition unit acquires information about a packet type, classified according to a transmission-source address. The worm determination unit determines whether a communication is performed by a worm, based on the information about the packet type, classified according to the transmission-source address, acquired by the communication-information-acquisition unit and a determination criterion used for determining whether a communication is performed by a worm.

Abstract: An unauthorized or illegal access preventing system implementing security procedures to an application layer without having to rely on business applications of an application server having a web container. The illegal or unauthorized access supervising system includes an operation describing file storing operation sequence of a normal operation of a business application, a web container as the execution base of a plurality of business applications, an inspection log function provided to the web container to acquire an operation log of the business applications, and an application supervising function executing an operation in accordance with a comparison result by comparing, with reference to the log stored in the inspection log function, the operation sequence of the business applications of the web container with the operation sequence of the normal operation stored in the operation describing file.

Abstract: A malicious access-detecting apparatus which is cable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of the each derived malicious apparatus group.

Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.