An information processing system using an intranet is highly convenient for the user. Meanwhile, in a case where a remote administration tool (RAT) invades such an information processing system, for example, for the purpose of a targeted attack, this results in a risk of, for example, confidential data leakage.
In contrast, there is a technique for monitoring a predetermined action by the RAT. It is possible to recognize a part of an infringement range, by detecting a computer infected by the RAT and recognizing the trace of the attack against the infected computer, using this technique.
In addition, the related art is disclosed in for example, Japanese Laid-open Patent Publication No. 2014-86822, and Japanese Laid-open Patent Publication No. 2005-250802.