Abstract: An acquisition unit (10) acquires normal sample data and non-normal sample data. A model generation unit (120) generates a normal model representing the normal sample data. A change unit (141) generates a non-normal feature vector of the non-normal sample data, and generates a non-normal changed vector obtained by changing an element of the non-normal feature vector. When the non-normal changed vector and the normal model are similar to each other, a verification unit (142) executes a process using sample data represented by the non-normal changed vector. The verification unit (142) verifies whether an anomalous event is detected by a detection device. Upon verification that an anomalous event is not detected, the verification unit (142) determines whether an anomalous event is present, independently of the detection device.

Abstract: In an SNS server (103) corresponding to a false submission filter device, an event specifying unit (604) analyzes contents of a submission informing of an occurrence of an event and specifies a location (721) of occurrence of the event. A query destination specifying unit (605) searches a query destination database (613) and specifies a query destination corresponding to the location (721) specified by the event specifying unit (604). A query unit (606) transmits a request for checking the presence or absence of occurrence of the event from the observation result of one or more machines to the query destination specified by the query destination specifying unit (605). The query unit (606) receives a response to the request. A result reflecting unit (607) determines whether the contents of the submission are true or false from a check result indicated by the response received by the query unit (606).

Abstract: An acquisition unit (10) acquires normal sample data and non-normal sample data. A model generation unit (120) generates a normal model representing the normal sample data. A change unit (141) generates a non-normal feature vector of the non-normal sample data, and generates a non-normal changed vector obtained by changing an element of the non-normal feature vector. When the non-normal changed vector and the normal model are similar to each other, a verification unit (142) executes a process using sample data represented by the non-normal changed vector. The verification unit (142) verifies whether an anomalous event is detected by a detection device. Upon verification that an anomalous event is not detected, the verification unit (142) determines whether an anomalous event is present, independently of the detection device.

Abstract: An acquisition unit acquires reception data. A first extraction unit extracts a domain name being a download domain name from the reception data. A second extraction unit extracts owner information indicating an owner of a public key certificate included in the reception data. A search unit searches a domain information search service using the owner information as a search key, and acquires a management domain name managed by the owner indicated by the owner information. A determination unit collates the management domain name with the domain name to determine whether a program included in the reception data is illegitimate.

Abstract: An electronic file copy notification reception unit acquires identification information on a terminal device connected to a first network switch to which a file server is connected, as first identification information, when the terminal device acquires a copy of an electronic file from the file server. A determination instruction unit acquires identification information on a device, as second identification information, when the device is newly connected to a second network switch different from the first network switch. The determination instruction unit matches the first identification information with the second identification information and instructs the second network switch to restrict communication to and from the terminal device via the second network switch in case where the first identification information coincides with the second identification information.

Abstract: A key generation source identification device (10) is provided with a key identification unit (11) to cause malware to execute an encryption process, acquire an execution trace representing an execution status of the encryption process, and identify an encryption key used in the encryption process as an analysis key based on the execution trace, and an extraction unit (31) to extract, from the execution trace, a list of instructions on which the analysis key depends, as an instruction list. The key generation source identification device (10) is also provided with an acquisition unit (32) to determine whether a function called by a call instruction included in the instruction list is a dynamic acquisition function that acquires dynamic information dynamically changing and, when the function is the dynamic acquisition function, acquire the instruction list as a candidate of a key generation source which is at least a part of a program that generated the analysis key in the encryption process.

Abstract: A second communication unit (411) of a security management apparatus (201) externally receives dependency information (412) indicating a dependence relation between information assets individually held by a first system and a second system. Then, a selection unit (415) of the security management apparatus (201) selects a security measure to be implemented, from among candidates for a security measure against a threat to an information asset held by the first system, in accordance with a dependence relation indicated by the dependency information (412) received by the second communication unit (411).

Abstract: The present invention relates to an authentication device that executes an online transaction typified by a transfer process of an online banking service. The authentication device includes a secret information storage unit to store secret information; a verification unit to verify validity of input data including input information of a user; an information extraction unit to extract the input information from the input data the validity of which has been verified by the verification unit; an authentication information generation unit to generate authentication information with the input information extracted by the information extraction unit and the secret information stored in the secret information storage unit; and a display unit to display the authentication information generated by the authentication information generation unit.

Abstract: An information leakage prevention apparatus 100 receives, from a LAN 109, communication data transmitted by a PC 112 to Internet 111, and when the received data has been encrypted, analyzes a log describing content of data processing performed in the PC 112 and extracts a key used to encrypt the communication data in the PC 112. Further, the information leakage prevention apparatus 100 decrypts the communication data using the extracted key and determines whether or not a keyword is included in a decryption result. If the keyword is not included in the decryption result, the information leakage prevention apparatus 100 transmits the communication data to the Internet 111 through a WAN 110.