Process analysis apparatus, process analysis method, and process analysis for determining input/output relation of a block of execution trace to detect potential malware

Abstract

The present invention relates to a process analysis apparatus for analyzing a process executed in an information processing unit and extracting encryption logic, such as an encryption function or a decryption function, used in the process. The process analysis apparatus is provided with an execution trace acquisition section to acquire an execution trace of a process to be analyzed; a block extraction section to extract, from the execution trace, a block that is a processing unit indicating a loop structure; a block information extraction section to extract, from the block, block information including input information and output information; and a block information analysis section to generate characteristic determination information for determining a characteristic of an input/output relation of the block, using the input information or the output information of the block information, to analyze the input/output relation of the block using the characteristic determination information, and to determine, as the encryption logic, the block that indicates a characteristic of an input/output relation of an encryption function or a decryption function.