Abstract: A detection device includes processing circuitry configured to acquire position information and a file size of a falsification detection target file, and determine a change in the position information or the file size acquired, and detect falsification of the falsification detection target file in a case where there is a change in the position information or the file size.

Abstract: A traffic sensor includes processing circuitry configured to calculate a degree of spread of a range of normal communication indicated by a normal communication model for each of the normal communication model for detecting abnormal communication of an Internet of Things (IoT) device learned for each of the IoT device to be monitored, classify a normal communication model in which the degree of spread is less than a predetermined value as a normal communication model of an IoT device of a first model, and classify a normal communication model in which the degree of spread is equal to or greater than the predetermined value as a normal communication model of an IoT device of a second model, detect abnormal communication in the IoT device by using the normal communication model of the IoT device of the first model, and extract a feature amount.

Abstract: A monitoring device includes processing circuitry configured to a configuration management tool and is used when a configuration of a device to be monitored is updated, analyze the operation instruction information, and extract a part where the configuration of the device to be monitored changes and content of the change; and create a determination criterion that defines a determination method for detecting modification of data of the device to be monitored on the basis of the part where the configuration of the device to be monitored changes and the content of the change.

Abstract: A detection device includes a feature value database configured to store a packet feature value, a label assigned to each packet feature value, and a threshold used for determination in advance. The detection device includes a memory and a processor coupled to the memory. The processor is configured to perform operations including: converting a target packet into a feature value using a first natural language processing model that has been trained using normal communication packets as learning data; assigning a label to the feature value converted using the first natural language processing model, based on the feature value converted using the first natural language processing model and the data stored in the feature value database; and determining whether the target packet has an anomaly based on the assigned label.

Abstract: An analysis server accumulates an alert of communication determined not to be normal communication on the basis of a model indicating a feature of normal communication in a storage unit. Then, the analysis server performs clustering of alerts obtained by excluding an alert having a different category variable from communication data used for learning of the model from the accumulated alerts by using a feature amount of communication included in the alert. Thereafter, the analysis server determines, for each cluster generated by clustering, whether or not the cluster includes the same type of alert. Then, the analysis server outputs a result of clustering and a determination result as to whether or not each cluster includes the same type of alert.

Abstract: A device acquires a file path of determination target equipment that is a determination target of file integrity, generates a concealment path for digesting the acquired file path for each file path, generates a concealment determination reference in which the generated concealment path and a hash value obtained by digesting file data stored in the determination target equipment are listed in association with each other, generates a concealment list by associating the file path stored in the determination target equipment with the generated concealment path, generates a determination reference by associating the file path with a hash value obtained by digesting the file data using the generated concealment determination reference and the generated concealment list, and calculates a hash value for each piece of the file data in the determination target equipment and determines file integrity based on the hash value and a hash value included in the determination reference.

Abstract: An analysis server acquires observation information including a transmission source IP address, a transmission source MAC address, a transmission destination IP address, and a transmission destination MAC address in communication from each of sensing devices. The analysis server estimates a topology of a network on the basis of the acquired observation information. On the basis of the estimated topology, an analysis server creates a monitoring list indicating communication that is a target for transmission of the observation information for each sensing device such that any one sensing device on a path of the communication transmits the observation information of the communication for each piece of communication in the network, and transmits the monitoring list to the sensing device. Thereafter, each sensing device transmits the observation information of the communication to the analysis server on the basis of the monitoring list.

Abstract: An analysis device includes processing circuitry configured to acquire, from each network traffic sensor that monitors communication of an Internet of Things (IoT) device, a normal communication model that is used for monitoring the communication and indicates a characteristic of normal communication of the IoT device, cluster a normal communication model group of a same feature among acquired normal communication model groups, calculate a majority cluster that is a cluster having a largest number of normal communication models by using a result of the clustering, and calculate an average model of the normal communication model group belonging to the majority cluster, and notify the network traffic sensor serving as an acquisition source of the normal communication model of attribution information indicating whether or not the normal communication model belongs to the majority cluster and the average model.

Abstract: In a communication network system (1), each of a plurality of management devices (20) generates an individual whitelist, which is individually generated in each of a plurality of management devices (20), and is related to a communication destination of an IoT device (30A) connected to an own management device, and uploads a generated individual whitelist to a server device (10), the server device collects the plurality of individual whitelists uploaded from each of the plurality of management devices (20), generates an aggregated whitelist that is an aggregated result of the plurality of individual whitelists, and distributes the generated aggregated whitelist to each of the plurality of management devices (20), and each of the plurality of management devices (20) acquires the aggregated whitelist distributed from the server device (10), and updates the individual whitelist generated by an own management device based on the aggregated whitelist.

Abstract: An intrusion prevention device includes a reception unit, a monitoring unit, and a determination unit. The reception unit receives, from a control target device, a notification indicating a state of the control target device. The monitoring unit receives a control command transmitted from a control device to the control target device. The determination unit determines whether to permit or block passage of the control command received by the monitoring unit in accordance with the state of the control target device received by the reception unit.

Abstract: An operation device includes a scroll wheel, a portion of which projects from an opening of an operation surface. The scroll wheel is configured to be rotated by an operator. The scroll wheel includes a ring member that is formed by a light transmissive member, which is configured to transmit light. The operation device includes: a light source that is configured to generate light for nighttime illumination; a wheel illumination light guide member that is configured to guide the light, which is outputted from the light source, to the scroll wheel; and a metal film that is formed at an inner peripheral surface of the ring member.

Abstract: A security measure invalidation prevention device includes an acquisition unit that acquires invalidated security point information about an invalidated security point among security points each having a measure function performing a security measure on a node connected to a network. The invalidated security point has a measure function to be invalidated. The device also includes a determination unit that determines whether a security event to be addressed with the measure function of the invalidated security point is present on the basis of the invalidated security point information acquired by the acquisition unit. The device further includes an extraction unit that extracts a security point to which the measure function of the invalidated security point can be shifted when the determination unit determines that the security event is present.

Abstract: A control device according to the present invention includes: a memory; and processing circuitry coupled to the memory and configured to: detect a state of access to table data stored in a first logical disk of a physical disk and to which first data is written and a state of access to a write ahead log (WAL) stored in a second logical disk of the physical disk and to which second data is written or to a WAL stored in a second storage medium different from the physical disk and to which the second data is written, and acquire an I/O use ratio of the WAL and an I/O use ratio of the table data, and set a writing destination of the second data to one of the WAL stored in the second logical disk and the WAL stored in the second storage medium.

Abstract: A specifying device receives detection information from a security device that detects hacking into a network or an activity of a terminal related to infection, and specifies a state of the terminal from information of the terminal and content of activity of the terminal included in the detection information. The specifying device specifies, when specifying that the terminal is in the state of being infected with malware, a terminal that may be infected before performing the content of the activity of the terminal included in the detection information based on connection information stored in a configuration information storage device, and specifies a terminal located on a route, along which the infected terminal is likely to be used for hacking or for infection of the terminal in the future, as a candidate for an infected terminal likely to be infected.

Abstract: An operation device includes a scroll wheel, a portion of which projects from an opening of an operation surface. The scroll wheel is configured to be rotated by an operator. The scroll wheel includes a ring member that is formed by a light transmissive member, which is configured to transmit light. The operation device includes: a light source that is configured to generate light for nighttime illumination; a wheel illumination light guide member that is configured to guide the light, which is outputted from the light source, to the scroll wheel; and a metal film that is formed at an inner peripheral surface of the ring member.

Abstract: An optimization apparatus collects cyber attack information that is information related to a cyber attack, and system information that is information related to an entire system including a device that has received the cyber attack. Based on the collected cyber attack information and system information, the optimization apparatus identifies an attack route of the cyber attack, and extracts, as dealing point candidates, devices that are on the attack route and have an effective dealing function against the cyber attack. Subsequently, the optimization apparatus selects a dealing point from the extracted dealing point candidates by using optimization logic that has been set.

Abstract: A control device according to the present invention includes: a memory; and processing circuitry coupled to the memory and configured to: detect a state of access to table data stored in a first logical disk of a physical disk and to which first data is written and a state of access to a write ahead log (WAL) stored in a second logical disk of the physical disk and to which second data is written or to a WAL stored in a second storage medium different from the physical disk and to which the second data is written, and acquire an I/O use ratio of the WAL and an I/O use ratio of the table data, and set a writing destination of the second data to one of the WAL stored in the second logical disk and the WAL stored in the second storage medium.

Abstract: A light deflector 1 includes a reflector (2), inner piezoelectric actuators (4), an inner frame (5), outer piezoelectric actuators (6), and an outer frame (7). The reflector (2) is oscillated about a first axis Ua and a second axis Ub by the inner piezoelectric actuators (4) and the outer piezoelectric actuators (6), respectively. Formed on the rear surface of the light deflector 1 is a projecting rib (52), which projects from an encircling rib (51) of the inner frame (5) and reaches a corner portion (36) of a distal end portion of a piezoelectric cantilever (13a). A vertical side (22b) has an outer recess (35). The outer recess (35) extends along the projecting rib (52) in a portion of the distal end side of the piezoelectric cantilever (13a).

Abstract: An intrusion prevention device includes a reception unit, a monitoring unit, and a determination unit. The reception unit receives, from a control target device, a notification indicating a state of the control target device. The monitoring unit receives a control command transmitted from a control device to the control target device. The determination unit determines whether to permit or block passage of the control command received by the monitoring unit in accordance with the state of the control target device received by the reception unit.

Abstract: A light deflector 1 includes a reflector (2), inner piezoelectric actuators (4), an inner frame (5), outer piezoelectric actuators (6), and an outer frame (7). The reflector (2) is oscillated about a first axis Ua and a second axis Ub by the inner piezoelectric actuators (4) and the outer piezoelectric actuators (6), respectively. Formed on the rear surface of the light deflector 1 is a projecting rib (52), which projects from an encircling rib (51) of the inner frame (5) and reaches a corner portion (36) of a distal end portion of a piezoelectric cantilever (13a). A vertical side (22b) has an outer recess (35). The outer recess (35) extends along the projecting rib (52) in a portion of the distal end side of the piezoelectric cantilever (13a).