Cyber attack based on transmission of targeted mails, navigation to bogus sites, or the like has been a social problem. Targeted cyber attack is based on, for example, the following process. First, in an initial stage, an illicit program is transmitted to an attack target machine via transmission of targeted mails, access to a website with the illicit program embedded therein (drive-by download), or the like. The attack target machine is then forced to initiate and execute the illicit program before an attack target user knows the attack. The targeted cyber attack is composed of advanced persistent threat (APT) in which a plurality of instructions is forced to be executed in a step-by-step manner and mainly includes execution of an information collection instruction, setup of an illicit remote session between an attacker machine and the attack target machine, and downloading of collected information via the remote session, which are included in the initial stage, and searches for various types of information and execution of illicit instructions in the infected machine, utilizing the remote session.
As a measure against the cyber attack based on transmission of targeted mails or navigation to bogus sites, a sandbox has been proposed in order to prevent the attack target machine from executing illicit programs or malware or to identify such execution. The sandbox is an isolated environment for security in which a virtual machine isolated from an operating environment of the attack target machine executes an illicit program to allow illicit behavior to be monitored and analyzed.
An example of the sandbox is described in Japanese Laid-open Patent Publication No. 2012-64208.