Command source identifying apparatus, command source identification method, and the command source identification program

摘要

PROBLEM TO BE SOLVED: To identify a commander device for giving an operation command to an infected device via a C & C server and to enable disconnection between the commander device and the C & C server.SOLUTION: A command source identification device comprises: acquisition means for acquiring information on a packet involved in the communication between an opposite device for communicating with a predetermined server and the predetermined server; grouping means for grouping the opposite device according to whether the communication meets a predetermined condition or not on the basis of the information on the packet acquired by the acquisition means; and identification means for identifying an opposite device belonging to a group with the number of devices belonging thereto is smaller than other groups among the groups obtained by grouping by the grouping means as a commander device candidate for giving a command to opposite devices other than the opposite device via the predetermined server.