Abstract: Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

Abstract: A malware analysis device 10 includes: a dynamic analysis unit 11 which performs dynamic analysis of malware; a communication determination unit 12 which determines whether communication by the malware occurs when the dynamic analysis unit 11 performs dynamic analysis; a static analysis requesting unit 13 which suspends communication when the communication determination unit 12 determines that the communication by the malware occurs to present a request to perform static analysis; and a setting changing unit 14 which sets a device as a communication destination of the malware to make a response obtained by the static analysis as being expected by the malware.

Abstract: A malware analysis device 10 includes: a dynamic analysis unit 11 which performs dynamic analysis of malware; a communication determination unit 12 which determines whether communication by the malware occurs when the dynamic analysis unit 11 performs dynamic analysis; a static analysis requesting unit 13 which suspends communication when the communication determination unit 12 determines that the communication by the malware occurs to present a request to perform static analysis; and a setting changing unit 14 which sets a device as a communication destination of the malware to make a response obtained by the static analysis as being expected by the malware.

Abstract: Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

Abstract: Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

Abstract: A malware analysis device 10 includes: a dynamic analysis unit 11 which performs dynamic analysis of malware; a communication determination unit 12 which determines whether communication by the malware occurs when the dynamic analysis unit 11 performs dynamic analysis; a static analysis requesting unit 13 which suspends communication when the communication determination unit 12 determines that the communication by the malware occurs to present a request to perform static analysis; and a setting changing unit 14 which sets a device as a communication destination of the malware to make a response obtained by the static analysis as being expected by the malware.

Abstract: To provide a path control system, a control device and a path control method that can achieve reduction of the load on a gateway device, there are included a communication device, a communication device, a security device that provides a security feature to data transmitted and received between the communication device and the communication device, and a path control device that selects one of a first path through the security device and a second path not through the security device as a communication path of the data based on a path information table where an attribute of the data and a communication path between the communication device and the communication device are associated.

Abstract: Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

Abstract: A network system according to the present invention includes a switch configured to receive a packet from a terminal, to identify source information of the packet, to append the source information to the packet based on an instruction, and to transmit the packet, to which the source information is appended, to a communication path based on the instruction, and a controller configured to issue the instruction to the switch. Through this, communication source information, such as a user name, can be identified and the communication path can be specified for respective pieces of source information by referring to the communication from the terminal without introducing an additional device.

Abstract: To provide a path control system, a control device and a path control method that can achieve reduction of the load on a gateway device, there are included a communication device, a communication device, a security device that provides a security feature to data transmitted and received between the communication device and the communication device, and a path control device that selects one of a first path through the security device and a second path not through the security device as a communication path of the data based on a path information table where an attribute of the data and a communication path between the communication device and the communication device are associated.