Abstract: In an evaluation apparatus (10), a profile database (31) is a database to store profile information indicating an individual characteristic of each of a plurality of persons. A security database (32) is a database to store security information indicating a behavior characteristic of each of the plurality of persons, which may become a security incident factor. A model generation unit (22) derives a relationship between the characteristic indicated by the profile information stored in the profile database (31) and the characteristic indicated by the security information stored in the security database (32), as a model. Upon receipt of an input of information indicating a characteristic of a different person, an estimation unit (23) estimates a behavior characteristic of the different person, which may become the security incident factor, by using the model derived by the model generation unit (22).

Abstract: In an exchange-type attack simulation device (10), an e-mail reception unit (22) receives a reply e-mail to an e-mail transmitted by an e-mail transmission unit (26). A state transition unit (24) refers to correspondence information (31) indicating feature of e-mails corresponding to each of state transitions in a state transition model and thereby identifies a state transition corresponding to the reply e-mail received by the e-mail reception unit (22). An e-mail generation unit (25) generates an e-mail corresponding to the state transition identified by the state transition unit (24). The e-mail generation unit (25) makes the e-mail transmission unit (26) transmit the generated e-mail.

Abstract: A packet format inference apparatus includes a classification unit and an inference unit. The classification unit classifies, among a plurality of packets which are included in a packet data set as packet data and of which formats are unknown, relevant packets transmitted in a fixed cycle, as a packet group having a same arrival cycle. The inference unit infers a packet format for each packet group having the same arrival cycle.

Abstract: In an evaluation device (100), an attack generation unit (111) generates an attack sample. The attack sample is data for simulating an unauthorized act on a system. A comparison unit (112) compares the attack sample generated by the attack generation unit (111) and a normal state model. The normal state model is data acquired by modeling an authorized act on the system. Based on the comparison result, the comparison unit (112) generates information for generating an attack sample similar to the normal state model, and feeds back the generated information to the attack generation unit (111). A verification unit (113) checks whether the attack sample generated by the attack generation unit (111) satisfies a requirement for simulating an unauthorized act, and verifies, by using the attack sample satisfying the requirement, a detection technique implemented in a security product.

Abstract: The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic such as an encryption function or a decryption function used in the process.

Abstract: A test memory extracting unit 110 extracts a test memory image 191 from a memory area of a target system. A template memory extracting unit 120 extracts a template memory image 192 from a template system not infected with malware. An injected code detecting unit 130 compares the test memory image 191 with the template memory image 192, and generates an injected code list 193. An injected code testing unit 140 generates a malicious code list 195 based on the injected code list 193 and a test rule list 194. A test result output unit 150 generates a test result file 196 based on the malicious code list 195.

Abstract: The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block.

Abstract: The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block.

Abstract: The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic such as an encryption function or a decryption function used in the process.

Abstract: A necessary information extraction unit extracts, from variables used in a target program, an output variable to which output information to be output by an output function defined in an output function list is set. The necessary information extraction unit extracts, from the variables used in the target program, an encryption variable to which encrypted information encrypted by an encrypting function defined in an encryption function list is set. A protected state analysis unit refers to an assignment statement included in the target program, and extracts an encrypted state variable to which the encrypted information is assigned. A vulnerability determination unit determines whether or not the encrypted state variable and the output variable are the same variable, and outputs a program verification result based on a result of determination.

Abstract: A test memory extracting unit 110 extracts a test memory image 191 from a memory area of a target system. A template memory extracting unit 120 extracts a template memory image 192 from a template system not infected with malware. An injected code detecting unit 130 compares the test memory image 191 with the template memory image 192, and generates an injected code list 193. An injected code testing unit 140 generates a malicious code list 195 based on the injected code list 193 and a test rule list 194. A test result output unit 150 generates a test result file 196 based on the malicious code list 195.

Abstract: A necessary information extraction unit extracts, from variables used in a target program, an output variable to which output information to be output by an output function defined in an output function list is set. The necessary information extraction unit extracts, from the variables used in the target program, an encryption variable to which encrypted information encrypted by an encrypting function defined in an encryption function list is set. A protected state analysis unit refers to an assignment statement included in the target program, and extracts an encrypted state variable to which the encrypted information is assigned. A vulnerability determination unit determines whether or not the encrypted state variable and the output variable are the same variable, and outputs a program verification result based on a result of determination.

Abstract: An optical sensor device includes a plurality of optical sensor units two-dimensionally arranged, a scan driver, and a detection driver. The scan driver sets optical sensor units, in each row, in a selected state. The detection driver acquires detection signals corresponding to illuminance of incident light on the optical sensor units. Each of the optical sensor units comprises a first optical sensor including a first photoelectric conversion section blocked from light and a second optical sensor including a second photoelectric conversion section configured to change the illuminance in response to an externally applied external force. The detection driver maintains each voltage of electrodes of the first optical sensors and each voltage of electrodes of the second optical sensors in equal voltage levels to each other, and acquires a plurality of voltage signals in parallel.

Abstract: A method for heating and pasteurizing a material, comprising placing the material inside of a semi-sealed chamber at atmospheric pressure that contains an atmosphere produced by replacing air in the chamber with a gas component produced by spraying or injecting hot water droplets and steam at a temperature of at least 100° C. into the chamber which is heated to a temperature of at least 100° C. which is equal to or higher than the temperature of the sprayed hot water droplets and steam, which gas component has a humidity of at least 95% and contains no more than 1% oxygen; contacting said material to the gas component for exposing it to continual temperature variation during heating ranging from 10-50° C. inside the chamber at temperature(s) ranging from 90-180° C. for a time sufficient to heat or pasteurize it. An apparatus for performing this method.

Abstract: An optical sensor device includes a plurality of optical sensor units two-dimensionally arranged, a scan driver, and a detection driver. The scan driver sets optical sensor units, in each row, in a selected state. The detection driver acquires detection signals corresponding to illuminance of incident light on the optical sensor units. Each of the optical sensor units comprises a first optical sensor including a first photoelectric conversion section blocked from light and a second optical sensor including a second photoelectric conversion section configured to change the illuminance in response to an externally applied external force. The detection driver maintains each voltage of electrodes of the first optical sensors and each voltage of electrodes of the second optical sensors in equal voltage levels to each other, and acquires a plurality of voltage signals in parallel.

Abstract: A directional setting apparatus according to the present invention, comprising: a voice recognition unit which detects a certain voice included in a sound signal outputted from a microphone array having a plurality of microphones and a directional determination period indicating a detection period of said certain voice; a voice direction detector which detects occurrence direction of said certain voice in said directional determination period; and a directional controller which controls directivity of a prescribed apparatus based on the sound signals outputted from said plurality of microphones in said directional determination period.

Abstract: A photosensor includes first and second light receiving elements which detect light, and a light source which is disposed behind the first and second light receiving elements and which emits light containing a predetermined color component. A first filter is disposed in front of the first light receiving element and transmits light of the predetermined color component, and a second filter is disposed in front of the second light receiving element and shuts off the light of the predetermined color component and transmits a color component other than the predetermined color component. A judging section judges whether or not a detection target is present in front of the first and second filters in accordance with outputs from the first and second light receiving elements.

Abstract: A photoelectric transducer according to this invention includes a photoelectric-transducer element array which has a first and a second regions in which a first and a second photoelectric transducer elements having a photoelectric transducer part are arranged, respectively, and a light-emitting member which is arranged below the photoelectric-transducer element array. Above the photoelectric-transducer element array, a mount layer is arranged, on which an object is to rest to reflect the light emitted from the light-emitting member to the first and the second photoelectric transducer elements. A first and a second light-shielding layers are provided between the light-emitting members and the photoelectric transducer part of the first and the second photoelectric transducer elements, respectively. The second light-shielding layer has a larger area than the first light-shielding layer.