NETWORK-TYPE VIRUS ACTIVITY DETECTION PROGRAM, PROCESSING METHOD AND SYSTEM
Abstract
PROBLEM TO BE SOLVED: To detect the activity of a network-type virus on a PC under zero-day attack without use of a signature, thereby preventing the spread of infection.

SOLUTION: A monitoring part 11 monitors outbound communications using a network interface 3. A process specifying part 12 specifies a process 2X that caused communication. A process-tree acquisition part 13 outputs process-tree information by which a process preceding the process 2X is specified. A determining part 14 refers to a corruption rule file 18 that defines corruption processes by combining the process that caused communication and the process preceding it, and determines whether or not the process 2X is corrupt according to communication information, process information and the process-tree information. A process stopping part 15 stops the process 2X determined to be corrupt. A notification part 16 notifies the user of the stop of the process 2X.

COPYRIGHT: (C)2006, JPO&NCIPI
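The determination step described in the abstract, sketched as an added example (not code from the patent): a rule pairs the process that caused the communication with a preceding process in its tree. The rule format, process names, ports and process table below are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str

@dataclass(frozen=True)
class Rule:                    # hypothetical rule format, not the patent's rule file
    ancestor: str              # name of a preceding process in the tree
    process: str               # name of the process that caused the communication
    port: Optional[int]        # destination port; None matches any port

# Constructed process table and rule set for illustration.
TABLE = {p.pid: p for p in [
    Proc(4, 0, "system"),
    Proc(700, 4, "explorer.exe"),
    Proc(1200, 700, "mailclient.exe"),
    Proc(1310, 1200, "wscript.exe"),
    Proc(1400, 700, "browser.exe"),
]}
RULES = [Rule("mailclient.exe", "wscript.exe", 25),
         Rule("browser.exe", "cmd.exe", None)]

def process_tree(pid, table):
    """Ancestor names of pid, nearest parent first; stops on unknown or looping ppid."""
    chain, seen = [], {pid}
    proc = table.get(pid)
    while proc and proc.ppid in table and proc.ppid not in seen:
        proc = table[proc.ppid]
        seen.add(proc.pid)
        chain.append(proc.name)
    return chain

def judge(pid, dst_port, table=TABLE, rules=RULES):
    """Return the first Rule matching an outbound connection, or None."""
    proc = table.get(pid)
    if proc is None:
        return None
    ancestors = process_tree(pid, table)
    for r in rules:
        if (r.process == proc.name and r.ancestor in ancestors
                and r.port in (None, dst_port)):
            return r
    return None

def handle(pid, dst_port):
    """Action for one monitored outbound connection: stop and notify, or allow."""
    rule = judge(pid, dst_port)
    return ("stop-and-notify", rule) if rule else ("allow", None)
```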