An object of this invention is to obtain a whitelist generator with which the accuracy of data relating to the specifications of normal communication serving as an automatic generation source can be guaranteed, whereby the accuracy of a generated whitelist can be guaranteed over an entire whitelist generation flow. The whitelist generator is applied to a system formed from a plurality of devices, the plurality of devices being configured to exchange data with each other, in order to generate a whitelist used for whitelisting intrusion detection, and includes a model verification unit that verifies, on the basis of an input model, at least one of whether or not normal communication in the system has been modeled correctly and whether or not the model is logically consistent, and a model conversion unit that converts the verified model into a whitelist.
展开▼