Anti-malware device, anti-malware system, anti-malware method, and recording medium in which anti-malware program is stored
First Claim
1. An anti-malware device comprising:
- a storage to store risk information in which there are associated a value indicating an attribution of a first information processing device configured to execute software, a value indicating an attribution of the software, and a value that depends on the attributions of the first information processing device and the software and that indicates a degree of risk when the software is executed by the first information processing device;
a memory that stores a set of instructions; and
at least one processor configured to execute the set of instructions to;
collect the value indicating the attribution of the first information processing device from outside;
collect the value indicating the attribution of the software from outside; and
determine that the software is malware when the value indicating the degree of risk satisfies a criterion, the value being obtained by comparing the risk information with the values collected; and
transfer the software to a second information processing device when it is determined thatthe software is malware, and then cause the second information processing device to execute the software.
1 Assignment
0 Petitions
Accused Products
Abstract
An anti-malware device 50 includes: a risk information storage unit 51 in which risk information 510 is stored, in which there are associated a value indicating an attribution of an information processing device 60 for executing software 600, a value indicating an attribution of the software 600, and a value that indicates the degree of risk when the software 600 is executed; a subject attribution collection unit 53 for collecting the value indicating the attribution of the information processing device 60; an object attribution collection unit 54 for collecting the value indicating the attribution of the software 600; and a determination unit 55 for determining that the software 600 is malware when the value indicating the degree of risk obtained by comparing the risk information 510 and the values collected by the subject attribution collection unit 53 and object attribution collection unit 54 satisfies a criterion.
-
Citations
18 Claims
-
1. An anti-malware device comprising:
-
a storage to store risk information in which there are associated a value indicating an attribution of a first information processing device configured to execute software, a value indicating an attribution of the software, and a value that depends on the attributions of the first information processing device and the software and that indicates a degree of risk when the software is executed by the first information processing device; a memory that stores a set of instructions; and at least one processor configured to execute the set of instructions to; collect the value indicating the attribution of the first information processing device from outside; collect the value indicating the attribution of the software from outside; and determine that the software is malware when the value indicating the degree of risk satisfies a criterion, the value being obtained by comparing the risk information with the values collected; and transfer the software to a second information processing device when it is determined that the software is malware, and then cause the second information processing device to execute the software. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An anti-malware system comprising:
-
an anti-malware device including; a storage to store risk information in which there are associated a value indicating an attribution of a first information processing device configured to execute software, a value indicating an attribution of the software, and a value that depends on the attributions of the first information processing device and the software and that indicates a degree of risk when the software is executed by the first information processing device; a memory that stores a set of instruction; and at least one processor configured to execute the set of instructions to; collect the value indicating the attribution of the first information processing device from outside; collect the value indicating the attribution of the software from outside; and determine that the software is malware when the value indicating the degree of risk satisfies a criterion, the value being obtained by comparing the risk information with the values collected; and transfer the software to a second information processing device when it is determined that the software is malware, and then cause the second information processing device to execute the software; and the first information processing device and the second information processing device.
-
-
15. An anti-malware method comprising, when storage stores risk information in which there are associated a value indicating an attribution of a first information processing device configured to execute software, a value indicating an attribution of the software, and a value that depends on the attributions of the first information processing device and the software and that indicates a degree of risk when the software is executed by the first information processing device:
-
by a third information processing device comprising a memory that stores a set of instructions and at least one processor configured to execute the set of instructions, collecting the value indicating the attribution of the first information processing device from outside; collecting the value indicating the attribution of the software from outside; determining that the software is malware when the value indicating the degree of risk satisfies a criterion, the value being obtained by comparing the risk information with the values collected, indicating the attribution of the first information processing device and the attribution of the software; and transferring the software to a second information processing device when it is determined that the software is malware, and then causing the second information processing device to execute the software. - View Dependent Claims (16)
-
-
17. A non-transitory computer readable recording medium storing an anti-malware program for causing a computer accessible to storage for storing risk information in which there are associated a value indicating an attribution of a first information processing device configured to execute software, a value indicating an attribution of the software, and a value that depends on the attributions of the first information processing device and the software and that indicates a degree of risk when the software is executed by the first information processing device, to execute:
-
a process of collecting the value indicating the attribution of the first information processing device from outside; a process of collecting the value indicating the attribution of the software from outside; a process of determining that the software is malware when the value indicating the degree of risk satisfies a criterion, the value being obtained by comparing the risk information with the values collected in the subject attribution collection process and the object attribution collection process; and a process of transferring the software to a second information processing device when it is determined that the software is malware and then causing the second information processing device to execute the software. - View Dependent Claims (18)
-
Specification