PROBLEM TO BE SOLVED: To make it possible to effectively extract the genuine behavior of malware from a log obtained by dynamically analyzing the malware.

SOLUTION: A malware feature extraction device obtains a malware analysis log, which is a log obtained by executing malware or executing a program associated with the malware. It also obtains a normal file analysis log, which is a log obtained by executing a normal file (a file that is not malware) or executing a program associated with the normal file. The device compares the malware analysis log with the normal file analysis log and extracts the log entries that are included in the malware analysis log but not in the normal file analysis log as a black log related to the malware.

COPYRIGHT: (C)2016,JPO&INPIT
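The comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent. The log line layout, the sample entries, and the normalization step that drops timestamps and process IDs are assumptions; the abstract specifies none of them.

```python
import re

# Constructed sample logs. The "time pid=N call(args)" layout is an assumption;
# the abstract does not specify a log format.
MALWARE_LOG = r"""
10:00:01.120 pid=2120 LoadLibrary(kernel32.dll)
10:00:01.340 pid=2120 RegOpenKey(HKCU\Software\ExampleViewer)
10:00:02.010 pid=2120 CreateFile(C:\Temp\constructed_sample.bin)
10:00:02.500 pid=2120 Connect(192.0.2.10:443)
10:00:02.900 pid=2120 CreateFile(C:\Temp\constructed_sample.bin)
"""
NORMAL_LOG = r"""
09:30:11.004 pid=1888 LoadLibrary(kernel32.dll)
09:30:11.230 pid=1888 RegOpenKey(HKCU\Software\ExampleViewer)
09:30:11.900 pid=1888 ReadFile(C:\Docs\benign.doc)
"""

LINE_RE = re.compile(r"^\S+\s+pid=\d+\s+(.+)$")

def normalize(line):
    """Drop the per-run fields (timestamp, pid) so the same action in two
    runs compares equal. Returns None for blank or unparseable lines."""
    m = LINE_RE.match(line.strip())
    return m.group(1) if m else None

def extract_black_log(malware_log, normal_log):
    """Return events seen in the malware run but never in the normal run,
    in first-seen order and without duplicates."""
    normal_events = {normalize(l) for l in normal_log.splitlines()} - {None}
    black, seen = [], set()
    for line in malware_log.splitlines():
        event = normalize(line)
        if event and event not in normal_events and event not in seen:
            seen.add(event)
            black.append(event)
    return black

if __name__ == "__main__":
    for event in extract_black_log(MALWARE_LOG, NORMAL_LOG):
        print(event)
```

Without the normalization step every line would differ between the two runs, and the whole malware analysis log would be reported as black log.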