BYTE SEQUENCE EXTRACTION DEVICE, BYTE SEQUENCE EXTRACTION METHOD, AND BYTE SEQUENCE EXTRACTION PROGRAM

摘要

PROBLEM TO BE SOLVED: To detect malware without fail and to decrease throughput reduction in the detection.;SOLUTION: When an attack to vulnerability is detected, a byte sequence extraction device determines files acquired in relation to the attack as malware. Among the files determined as malware, a file in which malware is not detected by existent malware detection software is determined as a file of unknown malware. The byte sequence extraction device extracts a byte sequence of a predetermined length that is not present in an innocent file which is any other file than malware but is present in the file of unknown malware. The byte sequence extracted in such a manner is used as a signature of malware and matching with communication data is performed.;COPYRIGHT: (C)2015,JPO&INPIT