The intrusion detection device and the intrusion detection program stored in the storage medium

摘要

The state managing unit 210 specifies the state of the operating system and determines whether there is a state transition of the operating system based on the specified state. When there is a state transition of the operating system, the state management unit judges whether the state transition of the operating system matches the transition pattern indicated in the state transition scenario, using the state transition scenario indicating the transition pattern of the state transition. If the state transition of the operating system does not match the transition pattern, the alarm output unit 293 outputs an alarm. When the state transition of the operating system agrees with the transition pattern, the whitelist management unit 220 switches the whitelist, and the intrusion detection unit 230 performs the whitelist type intrusion detection.