Abstract: The present invention provides a malware analysis apparatus, a malware analysis method, and a malware analysis system that, in a case where dynamic analysis and static analysis are combined to analyze malware, make it possible to analyze malware more easily compared with a case where the analysis is performed without using the configuration adopted by the present invention. The malware analysis apparatus includes an analysis section, a conversion section, and a generation section. The analysis section performs dynamic analysis and static analysis of analysis target malware. The conversion section converts results of the dynamic analysis and the static analysis into natural language, and generates explanations of the analysis results. The generation section generates information regarding a behavior of analysis target malware, the information being obtained by comparing the explanations generated respectively from the dynamic analysis and the static analysis.

Abstract: Disclosed is an information sharing system that includes a concealment processing section, an analysis section, and an information transmission section. The concealment processing section conceals information collected from any one or more of multiple organizations in accordance with the level of credibility between the organizations. The analysis section makes an analysis by using the information concealed by the concealment processing section and an analysis logic collected from any one or more of the multiple organizations. The information transmission section transmits the result of analysis by the analysis section to any one or more of the multiple organizations, and allows each organization to share the result of analysis.

Abstract: An information management system is provided with a data processing unit that receives, from an information processing apparatus corresponding to a different party, information managed by the different party, calculates a reliability level with respect to the different party, and calculates a confidence level with respect to the information based on the received information and the calculated reliability level, a countermeasure process setting unit that, based on the calculated confidence level, determines details of a countermeasure process with respect to details indicated by the information, and a reliability level updating unit that changes the reliability level based on the details of the countermeasure process, thereby increasing the possibility of effective processing based on information obtained from a different party.

Abstract: In a malware analysis support system and a malware analysis support method of supporting a malware analysis, the analyst computer includes an analysis input unit configured to input analysis conditions of the malware analysis, an analysis purpose input unit configured to input analysis purpose information that is information corresponding to a malware analysis purpose included in the analysis conditions and collected through the malware analysis, and an analysis procedure suggestion unit configured to display an analysis procedure of the malware analysis, the analysis computer includes a recommended analysis procedure creation unit configured to execute a process for calculating the analysis procedure to be recommended to the user on a basis of the analysis conditions, the analysis purpose information, a past analysis procedure, and a current analysis procedure, and the analysis procedure suggestion unit recommends, to the user, the analysis procedure calculated by the recommended analysis procedure creation

Abstract: An unauthorized access detection device that includes a control device for executing: abnormal access request detection processing in which a plurality of pieces of input/output request data for accessing a file is acquired and it is determined whether or not an access mode to the file is abnormal on the basis of patterns of the acquired plurality of pieces of input/output request data; abnormal data detection processing in which, where it is determined that the access mode to the file is abnormal, it is determined, by specifying data to be written into the file on the basis of the acquired input/output request data and specifying a trend of the specified data, whether or not the specified data is abnormal data; and suspicious process resolution processing in which, where it is determined that the specified data is abnormal data, predetermined processing related to access to the file is executed.

Abstract: A response support technology for minimizing the impact on jobs as much as possible and enabling job continuity and prompt response can be realized. A response support device that supports a response executed according to a situation of an incident that has occurred in a monitoring target, includes an incident evaluation unit 103 that evaluates an impact of the incident on the monitoring target and an urgency level of the response against the incident; a response evaluation unit 104 that evaluates an impact level on jobs and an effectiveness level to the incident, for the response against the incident; a priority order determination unit 105 that determines a priority order of responses based on evaluation by the incident evaluation unit and evaluation by the response evaluation unit; and a display unit 106 that displays a screen including the priority order of responses determined by the priority order determination unit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: In a network monitoring device, a CPU detects an increase point of a darknet traffic and calculates, with regard to darknet traffic corresponding to the increase point, an evaluation value indicating priority of a countermeasure against a cyberattack based on whether one or more of the following conditions are met: the darknet traffic has been detected inside a user organization; a correlation score of a darknet traffic between an observation point and the user organization is equal to or more than a threshold; a transmission source IP address is included in a blacklist; the darknet traffic is included in threat intelligence as attack information; a corresponding log is included in a honeypot; the honeypot including the log is included in the user organization; a CVSS score of a target is equal to or more than a threshold; and there is a product having vulnerability inside the user organization.

Abstract: A transaction mediation device stores transaction request information indicating estimates of profit and loss obtained by the first participant through the transaction; transaction provision information indicating estimates of profit and loss incurred based on a thing that the second participant obtains through the transaction; and behavior characteristic information indicating evaluation of behavior characteristics that affect the profit and loss of a transaction counterparty, and, for each of the one or more second participants, calculates, based on the transaction request information and the behavior characteristic information, a first expected profit that the first participant obtains through the transaction with the second participant and a second expected profit that the second participant obtains through the transaction with the first participant; and calculates and outputs a gross profit incurred from the transaction based on the first expected profit and the second expected profit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.