Abstract: An information processing method is executed by an information processing device that detects an attack against a monitored object by communicating with the monitored object. The information processing method includes: obtaining attack information related to an attack against the monitored object; and determining priorities of a plurality of detection rules based on the attack information, and storing the priorities in association with the plurality of detection rules, the plurality of detection rules being used for determining whether an anomaly has occurred in the monitored object when the monitored object is attacked. The priorities indicate at least one of (i) an order in which the plurality of detection rules are used or (ii) whether to use the plurality of detection rules when determining whether an anomaly has occurred in the monitored object.

Abstract: Disclosed is an information sharing system that includes a concealment processing section, an analysis section, and an information transmission section. The concealment processing section conceals information collected from any one or more of multiple organizations in accordance with the level of credibility between the organizations. The analysis section makes an analysis by using the information concealed by the concealment processing section and an analysis logic collected from any one or more of the multiple organizations. The information transmission section transmits the result of analysis by the analysis section to any one or more of the multiple organizations, and allows each organization to share the result of analysis.

Abstract: Systems and methods described herein involve downloading the container associated with a container download request from a machine, the container being downloaded at a location outside of the machine; executing a running condition of the container for a period of time; monitoring components of the container that are executed or read during the execution of the running condition; estimating packages of the monitored components; generating an active Software Bill of Materials (SBOM) and a potential SBOM from the execution, the active SBOM associated with ones of the packages associated with ones of the monitored components that were read or executed during the execution of the running condition, the potential SBOM being remaining ones of the packages; and transmitting the active SBOM and the potential SBOM to a management server.

Abstract: A method for generating blockchain bug bounty. The method may include performing, by a first processor, bug detection by issuing a transaction for execution in runtime of a private blockchain system, wherein the private blockchain system is set in a first node of a plurality of nodes, and the first node is a private blockchain node; monitoring the transaction in the runtime and outputting first feature values associated with the transaction, wherein the first feature values are generated by performing feature extraction on the transaction.

Abstract: A connection destination malignancy determination system connected to the Internet through a network includes: a connection destination observation unit that observes a connection destination; a connection destination malignancy determination unit that determines a malignancy indicating the degree of maliciousness of the connection destination; and a countermeasure priority determination unit that determines a countermeasure priority indicating the degree of preferential countermeasure required based on the malignancy and an observation result of the connection destination.

Abstract: An information management system is provided with a data processing unit that receives, from an information processing apparatus corresponding to a different party, information managed by the different party, calculates a reliability level with respect to the different party, and calculates a confidence level with respect to the information based on the received information and the calculated reliability level, a countermeasure process setting unit that, based on the calculated confidence level, determines details of a countermeasure process with respect to details indicated by the information, and a reliability level updating unit that changes the reliability level based on the details of the countermeasure process, thereby increasing the possibility of effective processing based on information obtained from a different party.

Abstract: An unauthorized communication detection device that detects unauthorized communication in a manufacturing system that manufactures products includes: an obtainer that obtains operation information of the manufacturing system; a storage that stores element information indicating one or more target elements among a plurality of elements related to manufacturing of the products; a specifier that specifies, for each of a plurality of communications performed in the manufacturing system, an element corresponding to the communication, based on the operation information; a calculator that calculates an abnormal degree of each of one or more communications, which satisfy that the element specified by the specifier is included in the one or more target elements indicated by the element information, among the plurality of communications; and a determiner that determines that, when an abnormal degree calculated by the calculator is larger than a threshold value, a communication corresponding to the abnormal degree is th

Abstract: A detection rule output method is a detection rule output method for outputting a detection rule used in a security system that determines attack details based on log information of a vehicle, the detection rule output method including: acquiring vehicle configuration information regarding a configuration of an in-vehicle network provided in the vehicle, intrusion detection system (IDS) information regarding one or more intrusion detection systems (IDSes) mounted in the vehicle, and attack information to be detected regarding an attack on the vehicle to be detected; and outputting, to a storage device included in the security system, the detection rule that is a detection rule for detecting a location in the vehicle where an abnormality has occurred and the abnormality that has occurred in the location, and is generated based on the vehicle configuration information, the IDS information, and the attack information to be detected.

Abstract: A response support technology for minimizing the impact on jobs as much as possible and enabling job continuity and prompt response can be realized. A response support device that supports a response executed according to a situation of an incident that has occurred in a monitoring target, includes an incident evaluation unit 103 that evaluates an impact of the incident on the monitoring target and an urgency level of the response against the incident; a response evaluation unit 104 that evaluates an impact level on jobs and an effectiveness level to the incident, for the response against the incident; a priority order determination unit 105 that determines a priority order of responses based on evaluation by the incident evaluation unit and evaluation by the response evaluation unit; and a display unit 106 that displays a screen including the priority order of responses determined by the priority order determination unit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: An abnormality analysis device including: an overall information obtainer that obtains overall information indicating an overall feature amount of a manufacturing system; an overall abnormal degree calculator that calculates an overall abnormal degree that is an abnormal degree of a whole of the manufacturing system by statistically processing the overall information; an individual information obtainer that obtains individual information indicating a feature amount of each of the plurality of constituent elements; an individual abnormal degree calculator that calculates an individual abnormal degree that is an abnormal degree of each of the plurality of constituent elements by statistically processing the individual information; and a determiner that determines whether or not the overall abnormal degree exceeds a threshold value, wherein the individual abnormal degree calculator calculates the individual abnormal degree when the determiner determines that the overall abnormal degree exceeds the threshold valu

Abstract: A computer system comprises an analysis module configured to execute dynamic analysis for a sample of a malicious program, and to output an analysis result including a coupling destination to and from which the malicious program communicates; a variation detection module configured to detect variation of the coupling destination based on results of cyclic observation of the coupling destination, and to output a result of the detection; and an information sharing module configured to store information output from the analysis module and information output from the variation detection module in a form that allows sharing among a plurality of external computers.

Abstract: A transaction mediation device stores transaction request information indicating estimates of profit and loss obtained by the first participant through the transaction; transaction provision information indicating estimates of profit and loss incurred based on a thing that the second participant obtains through the transaction; and behavior characteristic information indicating evaluation of behavior characteristics that affect the profit and loss of a transaction counterparty, and, for each of the one or more second participants, calculates, based on the transaction request information and the behavior characteristic information, a first expected profit that the first participant obtains through the transaction with the second participant and a second expected profit that the second participant obtains through the transaction with the first participant; and calculates and outputs a gross profit incurred from the transaction based on the first expected profit and the second expected profit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: An unauthorized communication detection device that detects unauthorized communication in a manufacturing system that manufactures products includes: an obtainer that obtains operation information of the manufacturing system; a storage that stores element information indicating one or more target elements among a plurality of elements related to manufacturing of the products; a specifier that specifies, for each of a plurality of communications performed in the manufacturing system, an element corresponding to the communication, based on the operation information; a calculator that calculates an abnormal degree of each of one or more communications, which satisfy that the element specified by the specifier is included in the one or more target elements indicated by the element information, among the plurality of communications; and a determiner that determines that, when an abnormal degree calculated by the calculator is larger than a threshold value, a communication corresponding to the abnormal degree is th

Abstract: An abnormality analysis device including: an overall information obtainer that obtains overall information indicating an overall feature amount of a manufacturing system; an overall abnormal degree calculator that calculates an overall abnormal degree that is an abnormal degree of a whole of the manufacturing system by statistically processing the overall information; an individual information obtainer that obtains individual information indicating a feature amount of each of the plurality of constituent elements; an individual abnormal degree calculator that calculates an individual abnormal degree that is an abnormal degree of each of the plurality of constituent elements by statistically processing the individual information; and a determiner that determines whether or not the overall abnormal degree exceeds a threshold value, wherein the individual abnormal degree calculator calculates the individual abnormal degree when the determiner determines that the overall abnormal degree exceeds the threshold valu

Abstract: Provided is a system whereby information on activities obtained by way of monitoring system access to input and output devices and storage devices in a terminal as well as information on activities executed by way of a terminal and obtained by way of monitoring communications through a network are associated with processes in the terminal that generated the activities, and if the activities are predetermined activities executed by the same or related processes, the system detects that unauthorized processes are running on the terminal.