The present invention provides an intrusion-path analyzing device that is communicatively connected to a control network system to which one or more electronic control devices and a communication device are connected. In the control network system, one or more security sensors are installed, said security sensors sending a security alert to the network when a symptom of security invasion has been detected on at least one of the network, the one or more electronic control devices, and the communication device, the security alert including the detection of the symptom of security invasion. The intrusion-path analyzing device is provided with: an alert acquisition unit that acquires a security alert from the one or more security sensors; an event acquisition unit that acquires an event history of events that have occurred in the control network system; and an intrusion-path analyzing unit that analyzes the intrusion path of an attack anticipated when the security alert has occurred, on the basis of the security alert, the event history, and an intrusion depth indicating the level of intrusion of the attack, and that outputs a result of the analysis.
展开▼