Abstract: A cyber attack information processing apparatus includes a memory and a processor configured to, when a first system obtains first information regarding a cyber attack from a first terminal, store the first information in a state that the first information is accessible to a second terminal that is capable of accessing the first system, convert the first information having a first data structure into second information having a second data structure usable by a second system wherein the second information is to be provided for the second system, when the second system obtains third information regarding another cyber attack, convert the third information having the second data structure into fourth information having the first data structure, and provide the second terminal with the fourth information.

Abstract: A non-transitory computer-readable storage medium storing a program that causes an information processing apparatus to execute a process, the process includes executing a first program and a second program using a system including a kernel of an OS, acquiring first information regarding a first API call and second information regarding a second API call, executing a similarity judgment process in which a similarity between the first program and the second program is judged, wherein the first information is information indicating at least one of a type of the first API call, the number of executions of the first API call, and a call order of the first API call, the second information includes at least one of a type of the second API call, the second information includes the number of executions of the second API call, and a call order of the second API cal.

Abstract: A cyber attack information processing apparatus includes one or more memories, and one or more processors coupled to the one or more memories and the one or more processors configured to, when acquiring information regarding a first cyber attack, store the information in the one or more memories in association with reliability based on an acquisition source of the information, and when detecting that posted information related to the information is uploaded from a terminal, perform update of the reliability associated with the information in accordance with first reliability of the posted information.

Abstract: A non-transitory computer-readable recording medium storing a control program causing a computer to execute processing, the processing includes: displaying a first node of a first type and a second node of a second type; receiving registration of a third node representing an access destination in association with the first node; receiving registration of a fourth node representing mask processing on information in association with the second node; receiving registration of a fifth node representing an information category in association with the second node; allowing transmission of information about a cyber attack event to the third node; and providing the information about the cyber attack event after executing the mask processing associated with the fourth node on information belonging to the information category associated with the fifth node, when the information about the cyber attack event is transmitted to the third node.

Abstract: A non-transitory recording medium recording a cyber-attack analysis supporting program that causes a computer to execute a process, the process includes: accepting registration of information of one or more items regarding a cyber-attack event in response to detection of malware in an information processing system of a monitoring target; and displaying the information registered regarding the cyber-attack event in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the cyber-attack event.

Abstract: A non-transitory computer readable recording medium storing a computer executable program that, when executed, causes a computer to perform a cyber attack analysis support process, the cyber attack analysis support process includes: when information of a first cyber attack event including information of malware is registered as a result of a detection of the malware within an information processing system to be monitored, searching for a second cyber attack event having a similarity relationship with the first cyber attack event by referring to a storage storing information on past cyber attack events; and displaying information of the searched second cyber attack event and the registered information of the first cyber attack event on a display circuit.

Abstract: A cyber attack information processing apparatus includes one or more memories, and one or more processors coupled to the one or more memories and the one or more processors configured to, when acquiring information regarding a first cyber attack, store the information in the one or more memories in association with reliability based on an acquisition source of the information, and when detecting that posted information related to the information is uploaded from a terminal, perform update of the reliability associated with the information in accordance with first reliability of the posted information.

Abstract: A cyber attack information processing apparatus includes a memory and a processor configured to, when a first system obtains first information regarding a cyber attack from a first terminal, store the first information in a state that the first information is accessible to a second terminal that is capable of accessing the first system, convert the first information having a first data structure into second information having a second data structure usable by a second system wherein the second information is to be provided for the second system, when the second system obtains third information regarding another cyber attack, convert the third information having the second data structure into fourth information having the first data structure, and provide the second terminal with the fourth information.

Abstract: A non-transitory computer-readable storage medium storing a program that causes an information processing apparatus to execute a process, the process includes executing a first program and a second program using a system including a kernel of an OS, acquiring first information regarding a first API call and second information regarding a second API call, executing a similarity judgment process in which a similarity between the first program and the second program is judged, wherein the first information is information indicating at least one of a type of the first API call, the number of executions of the first API call, and a call order of the first API call, the second information includes at least one of a type of the second API call, the second information includes the number of executions of the second API call, and a call order of the second API cal.

Abstract: A non-transitory computer readable recording medium storing a computer executable program that, when executed, causes a computer to perform a cyber attack analysis support process, the cyber attack analysis support process includes: when information of a first cyber attack event including information of malware is registered as a result of a detection of the malware within an information processing system to be monitored, searching for a second cyber attack event having a similarity relationship with the first cyber attack event by referring to a storage storing information on past cyber attack events; and displaying information of the searched second cyber attack event and the registered information of the first cyber attack event on a display circuit.

Abstract: A non-transitory recording medium recording a cyber-attack analysis supporting program that causes a computer to execute a process, the process includes: accepting registration of information of one or more items regarding a cyber-attack event in response to detection of malware in an information processing system of a monitoring target; and displaying the information registered regarding the cyber-attack event in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the cyber-attack event.

Abstract: A non-transitory computer-readable recording medium storing a control program causing a computer to execute processing, the processing includes: displaying a first node of a first type and a second node of a second type; receiving registration of a third node representing an access destination in association with the first node; receiving registration of a fourth node representing mask processing on information in association with the second node; receiving registration of a fifth node representing an information category in association with the second node; allowing transmission of information about a cyber attack event to the third node; and providing the information about the cyber attack event after executing the mask processing associated with the fourth node on information belonging to the information category associated with the fifth node, when the information about the cyber attack event is transmitted to the third node.