Abstract:
An attribute-value acquisition unit (203) acquires an attribute value of an attribute associated with a monitoring subject for anomaly detection. A normal-model acquisition unit (204) acquires, from among a plurality of normal models generated for a plurality of attribute values, the normal model generated for the attribute value acquired by the attribute-value acquisition unit (203). An anomaly detection unit (205) performs the anomaly detection using the normal model acquired by the normal-model acquisition unit (204).
Abstract:
A people network detection unit (110) detects, based on public information of a target person, a people network that indicates a connection between the target person and a group of related persons. A disclosure risk calculation unit (120) calculates a disclosure risk of the target person based on the public information of the target person, and calculates a group of disclosure risks corresponding to the group of related persons based on a group of public information corresponding to the group of related persons. A connection risk determination unit (130) determines a representative value of the group of disclosure risks as a connection risk of the target person based on the group of disclosure risks corresponding to the group of related persons. A security risk calculation unit (140) calculates a security risk of the target person with respect to a cyberattack, using the disclosure risk of the target person and the connection risk of the target person.
Abstract:
A necessary information extraction unit extracts, from variables used in a target program, an output variable to which output information to be output by an output function defined in an output function list is set. The necessary information extraction unit extracts, from the variables used in the target program, an encryption variable to which encrypted information encrypted by an encrypting function defined in an encryption function list is set. A protected state analysis unit refers to an assignment statement included in the target program, and extracts an encrypted state variable to which the encrypted information is assigned. A vulnerability determination unit determines whether or not the encrypted state variable and the output variable are the same variable, and outputs a program verification result based on a result of determination.
Abstract:
An operation unit (120) calculates a feature quantity of an object mail, which is an email to be tested. Based on the feature quantity of the object mail, the operation unit then acquires a status identifier of the object mail from a status definition file. The operation unit then selects, from one or more mail threads, the mail thread to which the object mail belongs as an object thread, and adds the status identifier of the object mail to a status group of the object thread. The operation unit then decides whether the status group of the object thread, to which the status identifier of the object mail has been added, complies with a detection rule. When the status group of the object thread complies with the detection rule, the operation unit produces an alert.
Abstract:
A test memory extracting unit 110 extracts a test memory image 191 from a memory area of a target system. A template memory extracting unit 120 extracts a template memory image 192 from a template system not infected with malware. An injected code detecting unit 130 compares the test memory image 191 with the template memory image 192, and generates an injected code list 193. An injected code testing unit 140 generates a malicious code list 195 based on the injected code list 193 and a test rule list 194. A test result output unit 150 generates a test result file 196 based on the malicious code list 195.
Abstract:
An evaluation tree generation unit (101) generates, as an evaluation tree, an attack tree for an information system that is based on inference using predicate logic. A gold tree generation unit (102) generates a gold tree that covers the intrusion routes into the information system and reflects the intrusion procedure for the information system, using network configuration information indicating the network configuration of the information system and intrusion procedure information indicating the intrusion procedure assumed for an intrusion into the information system. A tree comparison unit (103) compares the evaluation tree with the gold tree.
Abstract:
A correlation value calculation unit calculates a correlation value between input data input to an inspection-targeted apparatus whose internal specifications are unknown and the output data produced by the inspection-targeted apparatus for that input data. A state transition determination unit analyzes, in a time-series manner, a plurality of correlation values calculated by the correlation value calculation unit for a plurality of pieces of input data and the corresponding plurality of pieces of output data, and determines whether or not a state transition has occurred in the inspection-targeted apparatus.
Abstract:
The present invention relates to a cryptographic block identification apparatus which, in order to analyze the encryption logic used by malware to conceal its communication, identifies a cryptographic block where the encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which the execution steps of the malware are recorded, calculates for each execution step an evaluation value representing its cipher likeliness based on whether or not an operation type that characterizes cipher likeliness is included in the execution step, and extracts an execution step whose evaluation value exceeds a threshold L as a block candidate, that is, a candidate for a cryptographic block. The cryptographic block identification part identifies a region of the execution trace in which block candidates are consecutive beyond a threshold M as a cryptographic block.
Abstract:
The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic, such as an encryption function or a decryption function, used in the process. The process analysis apparatus is provided with an execution trace acquisition section to acquire an execution trace of the process to be analyzed; a block extraction section to extract, from the execution trace, a block that is a processing unit indicating a loop structure; a block information extraction section to extract, from the block, block information including input information and output information; and a block information analysis section to generate characteristic determination information for determining a characteristic of the input/output relation of the block, using the input information or the output information of the block information, to analyze the input/output relation of the block using the characteristic determination information, and to determine a block whose input/output relation exhibits the characteristic of an encryption function or a decryption function to be the encryption logic.
Abstract:
A security monitoring apparatus (100) includes a content category deducing unit (122), a category comparing unit (123), and an information assignment unit (130). The content category deducing unit (122) deduces a first deduced category, which is the result of deducing the category of the content held by a target device included in a monitoring target system (200). It does so using a content category deducing model, a learning model that takes content data indicating content and deduces the category of the content indicated in that content data, together with data indicating the content that the target device holds. The category comparing unit (123) verifies whether or not the first deduced category matches a category for comparison. The information assignment unit (130) generates assignment information in accordance with whether or not the first deduced category and the category for comparison match.