Malicious event detection device, malicious event detection method, and malicious event detection program

摘要

A playback device reads a traffic file which is a dump file of traffic when malicious or benign traffic is generated and generates traffic based on the traffic file on a network having a security instrument that generates an event in accordance with the traffic. In addition, a determination device collects an event generated by the security instrument for the generated traffic and, on the basis of a feature extracted from the collected event, determines whether the event to be determined is for malicious traffic or benign traffic.