Malware analysis apparatus, malware analysis method, and recording medium storing malware analysis program

摘要

Analyze the similarity of behavior between the software under investigation and known malware efficiently and with high accuracy. The malware analysis apparatus 40 compares the abstraction unit 41 that generates the first abstract information 410 that abstracts the first operation information 440 that represents the result of the operation of the software that is the sample, and one or more comparisons with the sample. The abstract information storage unit 45 storing the second abstract information 450 obtained by abstracting the second operation information representing the result of the operation for each target software, the first abstract information 410 and the second abstract information A calculating unit 42 that calculates the degree of similarity with the abstract information 450 and a specifying unit 43 that specifies software to be compared that satisfies the degree of similarity.