
DEVICE FOR DETECTING MALWARE INFECTED TERMINAL, SYSTEM FOR DETECTING MALWARE INFECTED TERMINAL, METHOD FOR DETECTING MALWARE INFECTED TERMINAL, AND PROGRAM FOR DETECTING MALWARE INFECTED TERMINAL


Abstract

A detection device generates an event sequence from events that are acquired for each of identifiers that distinguish among terminals in a monitoring target network or pieces of malware, by taking into account an order of occurrence of the events. The detection device retrieves events that commonly occur in event sequences belonging to a same cluster among clusters including event sequences with similarities at a predetermined level or higher, and extracts, as a detection event sequence, a representative event sequence based on a relationship between events that have high occurrence rates in similar common event sequences. The detection device detects a malware infected terminal in the monitoring target network based on whether the event sequence generated based on a communication in the monitoring target network and the extracted detection event sequence match each other.
