ATTACK OBSERVATION DEVICE AND ATTACK OBSERVATION METHOD

WIPO Patent Application WO/2016/042587

A1

　The present invention relates to an attack observation device which is a simulated environment constructed for running an illegal program such as malware created by an attacker and observing the behavior or attack method of the program. The attack observation device is provided with: a low-interactive-type simulated environment for executing a predetermined response to communication from malware on a terminal; a high-interactive-type simulated environment for executing a response to communication from malware by a virtual machine that simulates a terminal; and a communication management unit for monitoring the execution state of the low-interactive-type simulated environment for the communication from the malware, and switching the communication from the malware to the high-interactive-type simulated environment in accordance with the execution state of the low-interactive-type simulated environment.

KAWAUCHI KIYOTO (JP)
SAKURAI SHOJI (JP)

PCT/JP2014/004773

March 24, 2016

September 17, 2014

Click for automatic bibliography generation  

MITSUBISHI ELECTRIC CORP (JP)

G06F21/53; G06F21/56

JP2008306610A

2008-12-18

MATTHEW L.BRINGER ET AL.: "A Survey:Recent Advances and Future Trends in Honeypot Research", INTERNATIONAL JOURNAL OF COMPUTER NETWORK AND INFORMATION SECURITY(IJCNIS, vol. 4, no. 10, September 2012 (2012-09-01), pages 63 - 75
YU ADACHI ET AL.: "Malware Analysis System using Process-level Virtualization", COMPUTERS AND COMMUNICATIONS, 2009 ISCC 2009, July 2009 (2009-07-01), pages 550 - 556, XP031510575

INABA, Tadahiko et al. (JP)
Tadahiko Inaba (JP)

View/Download PDF      PDF Help

Previous Patent: DEVICE FOR REMOVING MASCARA FROM THE EYELASHES

Next Patent: ON-BOARD CONTROL DEVICE AND SIMULATION DEVICE FOR ON-BOARD CONTROL DEVICE