	US 12,462,026 B2
	Generation device, generation method, and generation program
Daiki Chiba, Musashino (JP); and Mitsuaki Akiyama, Musashino (JP)
Assigned to NTT, Inc., Tokyo (JP)
Appl. No. 18/272,802
Filed by NTT, Inc., Tokyo (JP)
PCT Filed Jan. 20, 2021, PCT No. PCT/JP2021/001920 § 371(c)(1), (2) Date Jul. 18, 2023, PCT Pub. No. WO2022/157867, PCT Pub. Date Jul. 28, 2022.
Prior Publication US 2024/0303330 A1, Sep. 12, 2024
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01)

CPC G06F 21/56 (2013.01) [G06F 21/562 (2013.01)]

6 Claims

1. A generation device comprising:

generation circuitry configured to:

acquire information on software;

extract a feature quantity of the software from the information of the software acquired;

generate a cluster for the software based on the feature quantity extracted, and calculate a clustering result including a center of gravity of the cluster;

match the clustering result calculated with a past clustering result when a distance between a center of gravity of a cluster included in the past clustering result calculated from information on malware is equal to or less than a predetermined value; and

generate a graph representing a relationship between the software and the malware based on a result of matching, and

output the generated graph to a display,

wherein the generation circuitry is further configured to:

acquire information on a plurality of pieces of software in a time series order;

extract an operation or structural characteristic of the software as the feature quantity;

further update the past clustering result;

and connect a node corresponding to the clustering result matched and the node corresponding to the past clustering result by edges in a time series order.