公开(公告)号：US20180288076A1

公开(公告)日：2018-10-04

申请号：US15928294

申请日：2018-03-22

Applicant: NEC Corporation

Inventor： Hisato ONODERA ,  Yoshiya KIZU

IPC: H04L29/06 ,  G06F17/30

Abstract: A malware analysis device 10 includes: a dynamic analysis unit 11 which performs dynamic analysis of malware; a communication determination unit 12 which determines whether communication by the malware occurs when the dynamic analysis unit 11 performs dynamic analysis; a static analysis requesting unit 13 which suspends communication when the communication determination unit 12 determines that the communication by the malware occurs to present a request to perform static analysis; and a setting changing unit 14 which sets a device as a communication destination of the malware to make a response obtained by the static analysis as being expected by the malware.

公开(公告)号：US20170329967A1

公开(公告)日：2017-11-16

申请号：US15529803

申请日：2015-11-30

Applicant: NEC CORPORATION

Inventor： Kentaro SONODA ,  Kayato SEKIYA ,  Yoshiya KIZU

IPC: G06F21/56 ,  H04L12/58

Abstract: Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

公开(公告)号：US20150172186A1

公开(公告)日：2015-06-18

申请号：US14570002

申请日：2014-12-15

Applicant: NEC Corporation

Inventor： Yoshiya KIZU

IPC: H04L12/741

CPC classification number: H04L45/34 ,  H04L45/308

Abstract: A network system according to the present invention includes a switch configured to receive a packet from a terminal, to identify source information of the packet, to append the source information to the packet based on an instruction, and to transmit the packet, to which the source information is appended, to a communication path based on the instruction, and a controller configured to issue the instruction to the switch. Through this, communication source information, such as a user name, can be identified and the communication path can be specified for respective pieces of source information by referring to the communication from the terminal without introducing an additional device.

Abstract translation: 根据本发明的网络系统包括：交换机，被配置为从终端接收分组，以识别分组的源信息，以基于指令将源信息附加到分组，并且发送分组，其中， 源信息被附加到基于指令的通信路径，以及被配置为向交换机发出指令的控制器。 通过这样，可以识别诸如用户名的通信源信息，并且可以通过参考来自终端的通信而不引入附加设备来为各个源信息指定通信路径。