Identification apparatus, control method therefor, and storage medium
Abstract
There is provided an identification apparatus. A storage unit stores an operation history as a history of an operation executed in at least one information processing apparatus. An acquisition unit acquires malware spread information including information indicating malware. An identification unit identifies, based on the operation history, an intrusion route of the malware indicated by the malware spread information acquired by the acquisition unit, generates at least one piece of malware spread information corresponding to at least one operation included in the intrusion route in the operation history, and identifies, in the operation history, for each of the at least one piece of malware spread information, at least one operation of spreading the malware by setting, as a direct or indirect start point, the malware indicated by the malware spread information.
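The two-phase trace the abstract describes, as an added Python sketch (not code from the patent or its applicant): walk the operation history backwards from the detected object to recover the intrusion route, then forward-trace from every object on that route. The record schema, the sample history and all function names are assumptions made for illustration, and "spreading" is simplified to any operation that writes a tainted source to a destination.

```python
from collections import namedtuple

# Constructed sample operation history (hypothetical schema: time, host, action, src, dst).
Op = namedtuple("Op", "t host action src dst")
HISTORY = [
    Op(1, "pc-a", "download", "http://files.example/inv.zip", "pc-a:/dl/inv.zip"),
    Op(2, "pc-a", "extract", "pc-a:/dl/inv.zip", "pc-a:/dl/inv.exe"),
    Op(3, "pc-a", "copy", "pc-a:/dl/inv.zip", "usb-1:/inv.zip"),
    Op(4, "pc-a", "copy", "pc-a:/dl/inv.exe", "share:/tools/inv.exe"),
    Op(5, "pc-b", "copy", "share:/tools/inv.exe", "pc-b:/tmp/inv.exe"),
    Op(6, "pc-c", "copy", "usb-1:/inv.zip", "pc-c:/docs/inv.zip"),
    Op(7, "pc-b", "copy", "pc-b:/docs/report.doc", "share:/report.doc"),  # unrelated
]

def intrusion_route(history, indicator, seen_at):
    """Walk backwards from the detected object to the operation that first brought it in."""
    route, obj, t = [], indicator, seen_at
    while True:
        producers = [op for op in history if op.dst == obj and op.t < t]
        if not producers:
            return list(reversed(route))          # chronological order
        op = max(producers, key=lambda o: o.t)    # latest write before the object was seen
        route.append(op)
        obj, t = op.src, op.t                     # strictly decreasing t guarantees termination

def forward_trace(history, starts):
    """Propagate taint forward in time from {medium: time_tainted} start points."""
    tainted = dict(starts)
    for op in sorted(history, key=lambda o: o.t):
        if op.src in tainted and tainted[op.src] <= op.t:
            tainted.setdefault(op.dst, op.t)      # direct or indirect spread
    return set(tainted)

def spread_range(history, indicator, seen_at):
    """Derive one start point per operation on the intrusion route, then trace forward."""
    route = intrusion_route(history, indicator, seen_at)
    # reversed() so that the earliest taint time wins if a medium appears twice on the route
    starts = {op.dst: op.t for op in reversed(route)} or {indicator: seen_at}
    return forward_trace(history, starts)

if __name__ == "__main__":
    print(sorted(spread_range(HISTORY, "pc-b:/tmp/inv.exe", 6)))
```

Tracing forward from the detected file alone returns only that file; starting from the whole route also surfaces the USB copy and the copy on `pc-c`, which branched off earlier in the route.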
15 Claims
1. An identification apparatus for identifying a spread range of malware, the spread range being a set of media to which the malware has been spread, comprising:
- at least one memory that stores instructions and stores an operation history as a history of an operation executed in at least one information processing apparatus; and
- at least one processor that, upon executing the instructions, functions as
  - an acquisition unit configured to acquire malware spread information including information indicating malware; and
  - an identification unit configured to
    - identify, based on the operation history, an intrusion route of the malware indicated by the malware spread information acquired by the acquisition unit,
    - generate at least one piece of malware spread information corresponding to at least one operation included in the intrusion route in the operation history, and
    - identify the spread range of the malware by, for each of the at least one piece of malware spread information, identifying at least one operation of spreading the malware in the operation history by setting, as a direct or indirect start point, the malware indicated by the malware spread information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 15.

13. A control method for an identification apparatus for identifying a spread range of malware, the spread range being a set of media to which the malware has been spread, comprising:
- storing an operation history as a history of an operation executed in at least one information processing apparatus;
- acquiring malware spread information including information indicating malware; and
- identifying, based on the operation history, an intrusion route of the malware indicated by the malware spread information acquired in the acquiring, generating at least one piece of malware spread information corresponding to at least one operation included in the intrusion route in the operation history, and identifying the spread range of the malware by, for each of the at least one piece of malware spread information, identifying at least one operation of spreading the malware in the operation history by setting, as a direct or indirect start point, the malware indicated by the malware spread information.

14. A non-transitory computer-readable storage medium which stores a program for causing a computer to execute a control method for identifying a spread range of malware, the spread range being a set of media to which the malware has been spread, the method comprising:
- storing an operation history as a history of an operation executed in at least one information processing apparatus;
- acquiring malware spread information including information indicating malware; and
- identifying, based on the operation history, an intrusion route of the malware indicated by the malware spread information acquired in the acquiring, generating at least one piece of malware spread information corresponding to at least one operation included in the intrusion route in the operation history, and identifying the spread range of the malware by, for each of the at least one piece of malware spread information, identifying at least one operation of spreading the malware in the operation history by setting, as a direct or indirect start point, the malware indicated by the malware spread information.

Specification