US 11,924,243 B2
Search device, search method, and search program
Kazuma Shinomiya, Musashino (JP); and Kazunori Kamiya, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/282,778
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Sep. 26, 2019, PCT No. PCT/JP2019/037895
§ 371(c)(1), (2) Date Apr. 5, 2021,
PCT Pub. No. WO2020/075518, PCT Pub. Date Apr. 16, 2020.
Claims priority of application No. 2018-192103 (JP), filed on Oct. 10, 2018.
Prior Publication US 2021/0392145 A1, Dec. 16, 2021
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) [H04L 63/1416 (2013.01)]
8 Claims
 
1. A search apparatus comprising:
processing circuitry configured to:
extract fingerprints that are combinations of first communication data corresponding to requests and second communication data corresponding to responses to the requests, from communication data obtained by executing known malware;
give degrees of priority corresponding to degrees of maliciousness of the malware, to the fingerprints;
generate probes that are requests based on the first communication data included in the fingerprints and signatures based on the second communication data included in the fingerprints;
decide, based on information about communication of sending-out destinations, search-target sending-out destinations from among the sending-out destinations;
send out the probes generated to the search-target sending-out destinations decided in an order based on the degrees of priority given; and
determine whether the search-target sending-out destinations are malicious or not, based on whether responses to the probes sent out match the signatures generated or not.
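The steps of claim 1 can be walked through offline in a short sketch. This is an added example, not code from the patent or its applicants. The capture records, addresses, port-based target criterion, digit-generalising signature rule and all function names are assumptions made for illustration, and replies are simulated rather than sent over a network.

```python
import re
from dataclasses import dataclass

# Constructed captures: (family, maliciousness score, request, response),
# standing in for traffic recorded while executing known malware.
CAPTURES = [
    ("family-b", 4, "POST /panel/ping HTTP/1.1", 'HTTP/1.1 200 OK\r\n\r\n{"task":null}'),
    ("family-a", 9, "GET /gate.php?id=1 HTTP/1.1", "HTTP/1.1 200 OK\r\n\r\nCMD:sleep 60"),
]
# Constructed destination information: address -> open ports.
DESTINATIONS = {"192.0.2.10": {80}, "192.0.2.11": {22}, "198.51.100.7": {80, 443}}
# Constructed replies, so the example runs offline with no network traffic.
SIMULATED = {
    ("192.0.2.10", "GET /gate.php?id=1 HTTP/1.1"): "HTTP/1.1 200 OK\r\n\r\nCMD:sleep 5",
    ("198.51.100.7", "POST /panel/ping HTTP/1.1"): "HTTP/1.1 404 Not Found\r\n\r\n",
}

@dataclass
class Fingerprint:
    family: str
    priority: int            # taken from the maliciousness score
    probe: str               # request part of the fingerprint
    signature: re.Pattern    # built from the response part

def build_fingerprints(captures):
    fps = []
    for family, score, request, response in captures:
        # Assumed generalisation: literal response text, digit runs may vary.
        pattern = re.sub(r"\d+", lambda m: r"\d+", re.escape(response))
        fps.append(Fingerprint(family, score, request, re.compile(pattern)))
    return sorted(fps, key=lambda f: f.priority, reverse=True)

def select_targets(destinations, port=80):
    # Assumed criterion: only hosts with the probe's port open are searched.
    return sorted(ip for ip, ports in destinations.items() if port in ports)

def search(captures, destinations, respond):
    verdicts, sent = {}, []
    targets = select_targets(destinations)
    for fp in build_fingerprints(captures):      # highest priority first
        for ip in targets:
            sent.append((ip, fp.family))
            reply = respond(ip, fp.probe)        # stand-in for sending the probe
            if reply is not None and fp.signature.fullmatch(reply):
                verdicts[ip] = fp.family
    return verdicts, sent

def simulated_respond(ip, probe):
    return SIMULATED.get((ip, probe))
```

Calling `search(CAPTURES, DESTINATIONS, simulated_respond)` returns the matched destinations and the order in which probes were issued, which shows the higher-priority fingerprint being tried first and the host without port 80 never being probed.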