ATTACK CODE DETECTION DEVICE, ATTACK CODE DETECTION METHOD, AND ATTACK CODE DETECTION PROGRAM

摘要

An attack code detection device (10) includes a learning unit (123) configured to generate a model that learns, using a known labeled malicious document file (100) including an ROP code, as learning data, a feature of a byte sequence being a component of a document file, and a feature of a byte sequence being a component of an ROP code, a detection unit (124) configured to detect the ROP code included in an inspection target unknown document file (200), based on the model, and a malignancy determination unit (125) configured to determine, based on a detection result, whether the inspection target unknown document file (200) is a malicious data series that executes attack using ROP.