Abstract: Generation of an attack scenario to be used for risk analysis of a system to be analyzed is enabled without depending on the technique and the knowledge of a person who creates it. An analysis result acquisition means acquires a risk analysis result of a first risk analysis performed on a system to be analyzed. A condition acquisition means acquires conditions for an attack scenario to be used for a second risk analysis on the basis of an attack scenario table and the risk analysis result. An attack scenario generation means generates an attack scenario to be used for the second risk analysis on the basis of the conditions for the attack scenario acquired by the condition acquisition means.

Abstract: A feature calculation means calculates N features for first data and N features for second data by using N feature functions for obtaining a feature for data on the basis of the data. A similarity degree calculation means calculates a similarity degree between the first data and the second data on the basis of the N features for the first data and the N features for the second data. Values of N features obtained when the same data is substituted into the N feature functions are different from each other.

Abstract: An analysis apparatus (10) includes: a setting unit (11) configured to set virtual vulnerabilities in a plurality of nodes configuring an information system to be analyzed; an extraction unit (12) configured to extract an attack route of the information system based on the virtual vulnerabilities set by the setting unit (11); and a discrimination unit (13) configured to discriminate vulnerabilities to be monitored based on the virtual vulnerabilities in the extracted attack route extracted by the extraction unit (12).

Abstract: A risk analysis result display apparatus, a risk analysis result display method, and a computer readable medium capable of enabling a user to recognize changes in risk in a system are provided. A risk analysis result (13) is a risk analysis result obtained by assessing a risk to a system to be analyzed in a first assessment period. A risk analysis result (14) is a risk analysis result obtained by assessing the risk to the system to be analyzed in a second assessment period different from the first assessment period. Comparison means (11) compares the risk analysis result (13) with the risk analysis result (14), and extracts a difference between the risk analysis result (13) and the risk analysis result (14). Output means (12) displays the difference extracted by the comparison means (11) for a user.

Abstract: An analysis apparatus (10) includes an environment assessment unit (11) for assessing environmental metrics of a Common Vulnerability Scoring System (CVSS) as regards a vulnerability in an information system based on an attack path extracted from the information system to which the vulnerability to be analyzed is applied, a base assessment unit (12) for assessing base metrics of the CVSS as regards the vulnerability in the information system based on obtained CVSS base value information of the vulnerability and a predetermined base value countermeasure determination condition of the information system, and a determination unit (13) for determining whether or not the vulnerability in the information system needs to be addressed based on an assessment result of the environmental metrics and an assessment result of the base metrics.

Abstract: An analysis unit 6 generates one or more pairs of a start point fact which is a fact representing possibility of the attack in a device that is a start point and an end point fact which is a fact representing possibility of the attack in the device that is an end point, analyzes, for each pair, whether or not it is possible to derive the end point fact from the start point fact, based on facts representing states of the devices generated based on information regarding the device that is the start point and information regarding the device that is the end point, the start point fact, and one or more analysis rules for analyzing the attack, and generates an attack scenario in a case where it is possible to derive the end point fact from the start point fact.

Abstract: A comparison means compares a first risk analysis result with a second risk analysis result. The first risk analysis result includes a first risk evaluation value. The second risk analysis result includes a second risk evaluation value. Based on the result of the comparison, a display means displays the first risk evaluation value in such a manner that a first risk evaluation value for which there is a second risk evaluation value, in the second risk analysis result, for an attack step of which an attack destination coincides with an asset included in the first risk analysis result and an attack method coincides with an attack method included in the first risk analysis result can be distinguished from a first risk evaluation value for which there is no such second risk evaluation value.

Abstract: Attack path information includes information about an attack path including at least one attack step including an attack source, an attack destination, and an attack method. Vulnerability specification means refers to the attack path information and thereby specifies vulnerabilities exploitable by an attack on the attack destination in the attack step. In the vulnerability information DB, vulnerabilities and presence/absence of exploit codes for the vulnerabilities are stored and associated with each other. Diagnosis evaluation generation means refers to the vulnerability information DB, and thereby examines whether or not there is an exploit code for the specified vulnerability and generates, for the attack step, a risk diagnosis evaluation including the number of specified vulnerabilities and the presence/absence of the exploit codes therefor. Output means outputs the attack step and the risk diagnosis evaluation while associating them with each other.

Abstract: The analysis unit generates one or more pairs of a start point fact which is a fact representing possibility of attack in a device that is a start point and an end point fact which is a fact representing possibility of attack in a device that is an end point. The analysis unit analyzes, for each pair, whether or not it is possible to derive the end point fact from the start point fact. The analysis unit generates an attack pattern that includes at least an attack condition, an attack result, and an attack means, in a case where it is possible to derive the end point fact from the start point fact.