In recent years, a targeted attack using malicious software (malware) is increasing. Accordingly, in order to reduce overlooking of malware infection or erroneous detection, a determination method is proposed (for example, International Publication Pamphlet No. 2015/107861). The method uses an evaluation value indicating the degree to which a terminal is assumed to be doing unauthorized activity in accordance with a result of comparison between communications by a terminal and patterns held in advance. In the determination method, an information processing apparatus obtains an evaluation value for each phase and uses the maximum value of the evaluation value for each phase to determine whether the terminal performs an unauthorized activity. A method that estimates whether data is associated with malware is also proposed (for example, Japanese National Publication of International Patent Application No. 2015-530678). In the method, data, of which safety is uncertain or which is uncertain whether the data is non-malicious software, is quarantined and results of a determination as to whether data is safe or non-malicious software before and after quarantine are compared. In this method, data that is not estimated as malware is released from quarantine.
In recent years, a virtual network using software or software defined networking (SDN) that is a technology used to create a virtual network is also attracting attention. In the SDN, a network topology or the like is configured by software. A control apparatus called a controller within a network monitors a communication status of apparatuses within the network and performs control according to a status of each apparatus.