Abstract: A response support technology for minimizing the impact on jobs as much as possible and enabling job continuity and prompt response can be realized. A response support device that supports a response executed according to a situation of an incident that has occurred in a monitoring target, includes an incident evaluation unit 103 that evaluates an impact of the incident on the monitoring target and an urgency level of the response against the incident; a response evaluation unit 104 that evaluates an impact level on jobs and an effectiveness level to the incident, for the response against the incident; a priority order determination unit 105 that determines a priority order of responses based on evaluation by the incident evaluation unit and evaluation by the response evaluation unit; and a display unit 106 that displays a screen including the priority order of responses determined by the priority order determination unit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: An abnormality analysis device including: an overall information obtainer that obtains overall information indicating an overall feature amount of a manufacturing system; an overall abnormal degree calculator that calculates an overall abnormal degree that is an abnormal degree of a whole of the manufacturing system by statistically processing the overall information; an individual information obtainer that obtains individual information indicating a feature amount of each of the plurality of constituent elements; an individual abnormal degree calculator that calculates an individual abnormal degree that is an abnormal degree of each of the plurality of constituent elements by statistically processing the individual information; and a determiner that determines whether or not the overall abnormal degree exceeds a threshold value, wherein the individual abnormal degree calculator calculates the individual abnormal degree when the determiner determines that the overall abnormal degree exceeds the threshold valu

Abstract: A computer system comprises an analysis module configured to execute dynamic analysis for a sample of a malicious program, and to output an analysis result including a coupling destination to and from which the malicious program communicates; a variation detection module configured to detect variation of the coupling destination based on results of cyclic observation of the coupling destination, and to output a result of the detection; and an information sharing module configured to store information output from the analysis module and information output from the variation detection module in a form that allows sharing among a plurality of external computers.

Abstract: A transaction mediation device stores transaction request information indicating estimates of profit and loss obtained by the first participant through the transaction; transaction provision information indicating estimates of profit and loss incurred based on a thing that the second participant obtains through the transaction; and behavior characteristic information indicating evaluation of behavior characteristics that affect the profit and loss of a transaction counterparty, and, for each of the one or more second participants, calculates, based on the transaction request information and the behavior characteristic information, a first expected profit that the first participant obtains through the transaction with the second participant and a second expected profit that the second participant obtains through the transaction with the first participant; and calculates and outputs a gross profit incurred from the transaction based on the first expected profit and the second expected profit.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: An unauthorized communication detection device that detects unauthorized communication in a manufacturing system that manufactures products includes: an obtainer that obtains operation information of the manufacturing system; a storage that stores element information indicating one or more target elements among a plurality of elements related to manufacturing of the products; a specifier that specifies, for each of a plurality of communications performed in the manufacturing system, an element corresponding to the communication, based on the operation information; a calculator that calculates an abnormal degree of each of one or more communications, which satisfy that the element specified by the specifier is included in the one or more target elements indicated by the element information, among the plurality of communications; and a determiner that determines that, when an abnormal degree calculated by the calculator is larger than a threshold value, a communication corresponding to the abnormal degree is th

Abstract: An abnormality analysis device including: an overall information obtainer that obtains overall information indicating an overall feature amount of a manufacturing system; an overall abnormal degree calculator that calculates an overall abnormal degree that is an abnormal degree of a whole of the manufacturing system by statistically processing the overall information; an individual information obtainer that obtains individual information indicating a feature amount of each of the plurality of constituent elements; an individual abnormal degree calculator that calculates an individual abnormal degree that is an abnormal degree of each of the plurality of constituent elements by statistically processing the individual information; and a determiner that determines whether or not the overall abnormal degree exceeds a threshold value, wherein the individual abnormal degree calculator calculates the individual abnormal degree when the determiner determines that the overall abnormal degree exceeds the threshold valu

Abstract: Provided is a system whereby information on activities obtained by way of monitoring system access to input and output devices and storage devices in a terminal as well as information on activities executed by way of a terminal and obtained by way of monitoring communications through a network are associated with processes in the terminal that generated the activities, and if the activities are predetermined activities executed by the same or related processes, the system detects that unauthorized processes are running on the terminal.