VIRUS INTRUSION ROUTE IDENTIFICATION DEVICE, VIRUS INTRUSION ROUTE IDENTIFICATION METHOD, AND PROGRAM
Abstract
The invention aims to backtrack a virus infection route with more detail than in the conventional case. CPUs of client devices respectively monitor operations, and cause storage devices to store operation histories. The CPU determines, upon detecting a virus, the time and date at which the virus was first saved in the client device based on the operation history stored in the storage device, and determines a virus intrusion route based on the operation content that was executed at the determined time and date.
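The abstract's two-step procedure (find when the detected file was first saved, then read the operation executed at that time), written out as an added example that is not taken from the patent. The record schema, operation names, paths and URL are constructed assumptions, and the step is repeated across local copy/move/extract operations to recover the route along which the file moved.

```python
# Constructed operation history; the ts/op/src/dst schema is an assumption.
HISTORY = [
    {"ts": "2024-03-01T09:12:04", "op": "download",
     "src": "http://files.example.test/inv.zip", "dst": r"C:\Users\a\Downloads\inv.zip"},
    {"ts": "2024-03-01T09:13:40", "op": "extract",
     "src": r"C:\Users\a\Downloads\inv.zip", "dst": r"C:\Users\a\Downloads\inv.exe"},
    {"ts": "2024-03-01T09:15:02", "op": "copy",
     "src": r"C:\Users\a\Documents\notes.txt", "dst": r"D:\backup\notes.txt"},
    {"ts": "2024-03-01T09:20:11", "op": "move",
     "src": r"C:\Users\a\Downloads\inv.exe", "dst": r"C:\Users\a\Desktop\inv.exe"},
]

# Operations that only relocate a file inside the terminal (assumed names).
LOCAL_OPS = {"copy", "move", "extract"}


def backtrack(history, detected_path, detected_at):
    """Return (route, determined).

    route: history records, oldest first, leading to the detected file.
    determined: True only if the walk ended at a non-local operation,
    i.e. the point where the file entered the terminal.
    """
    records = sorted(history, key=lambda r: r["ts"])  # ISO 8601 sorts as text
    route, seen = [], set()
    path, cutoff = detected_path.lower(), detected_at  # Windows paths: ignore case
    while path not in seen:  # guard against copy loops in the log
        seen.add(path)
        # Step 1: the first time this path was saved, no later than the cutoff.
        first = next((r for r in records
                      if r["dst"].lower() == path and r["ts"] <= cutoff), None)
        if first is None:
            return route, False  # local history does not reach far enough back
        route.insert(0, first)
        # Step 2: inspect the operation executed at that time.
        if first["op"] not in LOCAL_OPS:
            return route, True
        path, cutoff = first["src"].lower(), first["ts"]
    return route, False


if __name__ == "__main__":
    hops, ok = backtrack(HISTORY, r"C:\Users\a\Desktop\inv.exe", "2024-03-01T10:00:00")
    for r in hops:
        print(r["ts"], r["op"], r["src"], "->", r["dst"])
    print("determined" if ok else "undetermined in local history")
```

A result of `determined == False` corresponds to the case in claims 19, 22 and 23 where the terminal cannot determine the route from its own history and asks the server device.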
27 Claims
1. A virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, comprising:
an operation history storage unit configured to store an operation history which is a history of operations executed in the terminal device;
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
an output unit configured to output information indicating the virus intrusion route determined by the determining unit,
wherein the information indicating the virus intrusion route includes information indicating a route in which the virus moved.
16. A virus intrusion route determining method of backtracking a virus intrusion route to a terminal device, comprising:
an operation history storing process of storing an operation history, which is a history of operations executed in the terminal device, into an operation history storage unit;
a determining process of determining, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
an outputting process of outputting information indicating the virus intrusion route determined in the determining process,
wherein the information indicating the virus intrusion route includes information indicating a route in which the virus moved.
17. A program stored in a non-transitory computer-readable recording medium that causes a computer to execute virus intrusion route determining processing for backtracing a virus intrusion route to a terminal device, wherein the program causes the computer to function as:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device;
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
an output unit configured to output information indicating the virus intrusion route determined by the determining unit,
wherein the information indicating the virus intrusion route includes information indicating a route in which the virus moved.
19. A virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, comprising:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device;
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
a request transmitting unit configured to transmit, to a server device, a request for determining a virus intrusion route based on the operation history stored in the server device, when the determining unit cannot determine the virus intrusion route based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and the server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the virus intrusion route determining device provided in the terminal device and the virus intrusion route determining device provided in the server device cooperate with each other to determine the virus intrusion route to the terminal device.
20. A virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, comprising:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device; and
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and a server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the determining unit provided in the server device determines the virus intrusion route with respect to an operation history acquired during a time period that is further past than a time period in which the determining unit provided in the terminal device conducted an examination.
21. A virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, comprising:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device; and
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the determining unit is configured to determine, based on the process identification information of a process in which a virus was detected, a file operated between activation of the process and detection of the virus, and
when a plurality of files are determined, the determining unit performs narrowing-down to one file that is related to the virus intrusion route by executing weighting with respect to the plurality of files.
22. A method that is executed in a virus intrusion route determining device of backtracking a virus intrusion route to a terminal device, the method comprising the process of:
storing an operation history, which is a history of operations executed in the terminal device, into an operation history storage unit;
determining, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
transmitting, to a server device, a request for determining a virus intrusion route based on the operation history stored in the server device, when the virus intrusion route cannot be determined based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and the server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the virus intrusion route determining device provided in the terminal device and the virus intrusion route determining device provided in the server device cooperate with each other to determine the virus intrusion route to the terminal device.
23. A program stored in a non-transitory computer-readable recording medium that causes a computer to function as a virus intrusion route determining device that backtracks a virus intrusion route to a terminal device, the program causing the computer to function as:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device;
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit; and
a request transmitting unit configured to transmit, to a server device, a request for determining a virus intrusion route based on the operation history stored in the server device, when the determining unit cannot determine the virus intrusion route based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and the server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the virus intrusion route determining device provided in the terminal device and the virus intrusion route determining device provided in the server device cooperate with each other to determine the virus intrusion route to the terminal device.
24. A method that is executed in a virus intrusion route determining device that backtracks a virus intrusion route to a terminal device, the method comprising the process of:
storing an operation history, which is a history of operations executed in the terminal device, into an operation history storage unit; and
determining, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and the server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the virus intrusion route determining device provided in the server device determines the virus intrusion route with respect to an operation history acquired during a time period that is further past than a time period in which the virus intrusion route determining device provided in the terminal device conducted an examination.
25. A program stored in a non-transitory computer-readable recording medium that causes a computer to function as a virus intrusion route determining device that backtracks a virus intrusion route to a terminal device, the program causing the computer to function as:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device; and
a determining unit configured to determine, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the terminal device is provided with the virus intrusion route determining device and the server device connected to the terminal device is also provided with the virus intrusion route determining device, and
the determining unit provided in the server device determines the virus intrusion route with respect to an operation history acquired during a time period that is further past than a time period in which the determining unit provided in the terminal device conducted an examination.
26. A method in a virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, the method comprising:
a storing process of storing an operation history, which is a history of operations executed in the terminal device, into an operation history storage unit; and
a determining process of determining, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the determining process includes the process of:
determining, based on process identification information of a process in which a virus was detected, a file operated between activation of the process and detection of the virus; and
performing, when a plurality of files are determined, narrowing-down to one file that is related to the virus intrusion route by executing weighting with respect to the plurality of files.
27. A program stored in a non-transitory computer-readable recording medium that causes a computer to function as a virus intrusion route determining device for backtracking a virus intrusion route to a terminal device, wherein the program causes the computer to function as:
an operation history storage unit configured to store an operation history, which is a history of operations executed in the terminal device; and
a determining unit for determining, upon detecting a virus, a virus intrusion route of the virus based on the operation history stored in the operation history storage unit,
wherein the determining unit is configured to determine, based on process identification information of a process in which a virus was detected, a file operated between activation of the process and detection of the virus, and
when a plurality of files are determined, the determining unit performs narrowing-down to one file that is related to the virus intrusion route by executing weighting with respect to the plurality of files.
Specification