JP2008191813A - File importance determination device, file importance determination method and file importance determination program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an importance determination device that can determine importance of a file reflecting a use status of the file. <P>SOLUTION: A file opening information extraction means 150 fetches a console output log including an identifier of a program and an argument passed to the program which is monitored and saved in a console output log saving means 30 by a console output monitoring means 40, and infers the identifier of the file referred to or updated by the program to measure information on a file use status. A statistical processing means 140 calculates statistical information necessary to determine the importance of files, from the measured file use status information. An importance determination part 90 determines the importance of each file according to the calculated statistical information and conversion rules defined in the importance determination part 90. The importance determination part 90 saves the determined importance in an importance determination data saving part 60. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a file importance determination device, a file importance determination method, and a file importance determination program, and more particularly to a file importance, which is a degree representing the importance of a file without having special knowledge about the file. The present invention relates to a file importance determination device, a file importance determination method, and a file importance determination program that can be determined.

  2. Description of the Related Art Conventionally, there is a method of reducing the load on a computer due to backup and reducing the waiting time of a user due to backup by changing the backup frequency according to a file using a backup device or the like. In other words, files with high importance are more frequently backed up, and files that are not so are reversed. Conventional importance determination devices are used to automatically determine the importance of a file used for determining such a backup frequency without relying on humans.

  An example of a conventional importance level determination device is described in Patent Literature 1, Patent Literature 2, and Patent Literature 3.

  According to Patent Document 1, a conventional importance determination device determines the importance of a file by measuring the number of updates per unit time of the file and the updated ratio (update block ratio) of the entire file. ing. With this technique, it is possible to determine that a file that is frequently updated and has a large update block rate is high in importance, and conversely, a file that has a low update count and low update block rate can be determined to have low importance.

  The configuration of the embodiment of Patent Document 2 is shown in FIG. According to Patent Document 2, the importance determination device 1050 uses the file creation date and the update date among the file management information 1040 b automatically created by the file system 1020 and associated with the actual file data 1040 a. The file creation time (cumulative time of file editing) is estimated, and the importance is determined based on the creation time. As a result, the importance level of the file can be determined in the same manner as in Patent Document 1. The flow of the actual file creation time estimation and importance determination in Patent Document 2 will be described with reference to the flowchart of FIG. In step S1020, the management information extraction unit 1050a extracts the creation date / time and the update date / time from the file management information 1040b. In step S1030, the creation time calculation unit 1050b calculates the creation time as the difference between the extracted update date and time and the creation date and time. In step S1050, the importance level determination unit 1050c determines the importance level based on the creation time calculated by the creation time calculation unit 1050b. With this technique, a file having a long creation time is determined to have a high importance, and a file having a short creation time is determined to have a low importance.

  According to Patent Document 3, in another importance level determination device, the number of dependencies from other software packages is statically analyzed for a software package provided with a file to be subjected to importance level determination. Judging the degree. With this technology, a file that is important for the operation of a computer such as a system library on which a large number of software packages depend can be discriminated from a file that is not important for the operation of a computer such as documents.

JP 10-171693 A JP 2005-84910 JP 2006-072856

  As described above, in the conventional importance level determination device, a method for measuring the number of updates per unit time and the update block rate as disclosed in Patent Document 1 or Patent Document 2 for determining the importance level of a file is disclosed. As can be seen, a method for estimating the creation time of a file and a method for analyzing the number of dependencies of a software package that provides a file have been used, as can be seen in Patent Document 3. However, according to the determination methods of Patent Documents 1 and 2, since the files whose importance is determined are limited to files that can be updated, the importance of data files that are not allowed to be updated or data files that are hardly updated are determined. It is not suitable for judgment. On the other hand, according to the determination method of Patent Document 3, if the file whose importance is to be determined is included in the software package, the importance can be determined regardless of the type of the file. However, since the importance of a file is uniformly determined by the number of dependencies from other programs, a data file that is installed but not used at all is more important than a data file that is used many times a day. There is a possibility that it is determined as a high-degree file. For this reason, data files that are used more frequently are not suitable for determining the importance for the purpose of increasing the backup frequency or the virus check frequency.

“Purpose of invention”
An object of the present invention is to provide a file importance determination device that can determine the importance based on the actual usage status of a data file regardless of the type of the file.

  The first file importance determination device of the present invention analyzes a console output log read from a console output log storage unit that stores a plurality of console output logs including an identifier of a started program and an argument passed to the program. A file open information extracting means for extracting an identifier of the file opened by the program, and a statistic for performing statistical processing based on the identifier of the file extracted by the file open information extracting means and outputting a statistical value relating to the use of the file A processing unit, an importance determination unit that converts a statistical value regarding the use of the file output from the statistical processing unit into a file importance value, and a file importance value obtained by the importance determination unit. And a degree-of-importance determination data storage unit to be stored.

  The second file importance determining apparatus according to the present invention is characterized in that, in the first file importance determining apparatus, the statistical value is a total number of open times for each file.

  The third file importance determination device of the present invention is characterized in that, in the first file importance determination device, the statistical value is a unique number of identifiers of a program that has opened the file for each file.

  According to a fourth file importance determination device of the present invention, in any of the first to third file importance determination devices, an importance conversion rule indicating a correspondence between a file statistical value and a file importance value is provided. An importance level conversion rule storing unit is provided, and the importance level determination unit refers to the importance level conversion rule to determine an importance value.

  According to a fifth file importance determination device of the present invention, in the first to third file importance determination devices, a statistical processing rule storage unit that holds a statistical processing rule that defines the predetermined statistical processing is provided. The processing unit executes statistical processing defined by the statistical processing rule.

  According to a sixth file importance determination device of the present invention, in the first to third file importance determination devices, the importance value of the file stored in the importance determination data storage unit is extracted from the importance use program. It is characterized by comprising an importance level taking-out means.

  According to a seventh file importance determination device of the present invention, in the sixth file importance determination device, the importance use program is a backup program that adjusts the frequency of backup according to the importance of the file. Features.

  An eighth file importance determination apparatus according to the present invention is the sixth file importance determination apparatus, wherein the importance utilization program is a virus scan program that adjusts a frequency of performing a virus check according to the importance of the file. It is characterized by that.

  The file importance determination method of the present invention is a method for determining the importance of a file using a computer, and the computer stores a plurality of console output logs including an identifier of a program and an argument passed to the program. A first step of analyzing a console output log read from the console output log storage means and extracting an identifier of a file opened by a program; and the computer performs statistical processing based on the identifier of the opened file. A second step of outputting a statistical value for each file; a third step in which the computer converts the statistical value for each output file into a value of importance of the file; and A fourth value that stores the importance value of the selected file in the importance determination data storage unit Characterized in that it comprises a step.

  The file importance determination program of the present invention includes a console output log storage unit that stores a plurality of console output logs including an identifier of a started program and an argument passed to the program. Analyzing the read console output log to extract the identifier of the file opened by the program, performing statistical processing based on the identifier of the opened file, and outputting a statistical value for each file 2, a third process for converting the statistical value of each output file into a file importance value, and storing the obtained file importance value in the importance determination data storage unit The fourth process is performed.

"Action"
In the present invention, among the information on the use of a file that could not be used as an element for determining the importance in the conventional importance determination method, the file related to the file identifier such as the identifier of the file opened and the number of times of opening. The statistical value is calculated by using a console output log including a program identifier and an argument passed to the program, which is measured by the console output logging unit. Therefore, it is possible to determine the importance reflecting the file reference information included in the file open information. For example, a file that is frequently opened from a program can be determined to have a high importance level, and conversely, a file that is hardly opened from a program can be determined to have a low importance level.

  According to the present invention, the degree of importance can be determined based on the actual usage status of a data file regardless of the type of file. The reason is that the statistical value regarding the use of the data file obtained by the statistical processing from the console output log including the program identifier and the argument passed to the program indicates the actual usage status of each data file to be referenced or updated. This is because the importance converted from the statistical value is based on the actual usage status of the data file. Therefore, it is very effective if the present invention is applied to the determination of the importance for the purpose of increasing the backup frequency or the virus check frequency for a data file having a high usage frequency.

  Next, the best mode for carrying out the present invention will be described in detail with reference to the drawings.

  Referring to FIG. 1, the first embodiment of the present invention stores an importance use program 10 that operates with the importance determined according to the present invention as an input, and a screen output to the console when the program is executed. A console output logging unit 20 for executing the program, and a file importance determining device 50 for determining the importance of the program.

  The importance use program 10 is a program that operates using the importance of the file determined by the file importance determination device 50. The importance use program 10 assumes a type of program that can improve execution efficiency and execution performance by using the importance of the file determined by the file importance determination device 50. Specifically, a computer backup program, a virus detection program, or the like is assumed. For example, in the backup program, highly efficient and effective backup can be expected by changing the backup frequency according to the importance of the program and backing up only the highly important program at a high frequency. Similarly, in the virus detection program, highly efficient and effective virus scanning can be expected by changing the frequency of virus checking according to the importance level, and checking only the highly important programs with a high frequency.

  The console output logging unit 20 stores all user input and program output when a program is executed on the console as a log. FIG. 2 shows the configuration of the console output log saved by the console output logging unit 20. In this log, the keyboard input from the user and the output of the program execution result are all stored in the order in which the program is executed. The keyboard input content from the user is composed of a command name of the program to be executed and an argument passed to the program.

  The file importance determination device 50 includes an importance determination data storage unit 60, an importance determination unit 90, a statistical processing unit 120, and a file open information extraction unit 150.

  The file importance determination device 50 determines the importance of a file at a constant cycle as a batch job or when a file in a computer is updated.

  The file open information retrieval unit 150 analyzes the console output log stored in the console output log storage unit 30 in response to a request from the statistical processing unit 120, and estimates a file opened when the program is executed. Specifically, paying attention to the user input line in the console output log, if the argument passed to the program is a file name, the file represented by this file name was opened by the program at runtime Estimated.

  The statistical processing unit 120 performs statistical processing based on the identifier of the file extracted by the file open information extraction unit 150, and outputs a statistical value related to the use of the file, which is information necessary for determining the importance. In the present embodiment, the statistical processing unit 120 includes a statistical processing rule storage unit 130 that stores statistical processing rules that define statistical processing, and a statistical processing unit 140 that executes statistical processing defined by the statistical processing rules. Consists of.

  The statistical processing rule stored in the statistical processing rule storage means 130 is composed of a set of statistical values relating to the use of files and a statistical processing procedure which is a specific procedure for aggregating the statistical values as shown in FIG. The Specifically, for example, when considering a statistical value related to file usage, which is the number of times a file has been opened as a statistical value related to file usage, the statistical processing rule for obtaining this is shown in FIG. become that way. According to FIG. 4, the statistical processing procedure for obtaining the “file open count” is “total number of times the importance determination target file is opened”. That is, the number of times each file is opened is counted from the file open information extracted by the file open information extracting unit 150. Similarly, the statistical processing procedure for obtaining the “number of unique programs” that is one of the statistical values related to the use of the file is “total number of unique program identifiers that have opened the importance determination target file”. As described above, a series of procedures for calculating statistical values related to file usage using information obtained from the console output log can be defined as statistical processing rules.

  The importance determination unit 90 converts the statistical value regarding the use of the file output from the statistical processing unit 120 into the importance value of the file. In the case of the present embodiment, the importance level determination unit 90 includes an importance level conversion rule storage unit 100 that holds an importance level conversion rule indicating a correspondence between a statistical value related to file usage and an importance level value of a file. It is comprised with the importance determination means 110 which determines the value of importance with reference to a degree conversion rule.

  As shown in FIG. 5, the importance conversion rule stored in the importance conversion rule storage unit 100 defines a correspondence table between “open count” which is one of statistical values related to file usage and importance. . Here, “open count” represents the number of times the importance determination target file has been opened, and this is a statistical value relating to the use of the file calculated by the statistical processing unit 120. In addition to associating the statistical value related to the use of one file with the importance as shown in FIG. 5, this correspondence table is not limited to the statistical value related to the use of two files (here, “ By associating statistic values related to the use of an arbitrary number of files with importance levels, such as associating the "open count" and "number of unique programs") with importance levels, the statistical values related to the use of more files can be converted to importance levels. It may be reflected. The importance level conversion rule is created in advance based on the policy of the computer operator (for example, a company) of the first embodiment.

  The importance determination data storage unit 60 includes importance determination data storage means 70 and importance extraction means 80. The importance determination data storage unit 70 stores importance determination data having a configuration as shown in FIG. 7, for example. As shown in FIG. 7, the importance determination data includes items of a file name and importance to be determined. The file that is the target of importance determination is, for example, a monitoring target file set by virus scan software included in the importance use program 10. In the importance item, a value representing the importance determined by the importance determination unit 90 is described.

  The importance extraction means 80 of the importance determination data storage unit 60 extracts the importance in response to a request from the importance utilization program 10 and passes this importance to the importance utilization program 10.

  The file importance determination device 50 can use the same or different computer as the basic hardware that implements the importance utilization program 10 or the console output logging unit 20. The importance level determination data storage unit 60, the importance level determination unit 90, the statistical processing unit 120, and the file open information extraction unit 150 can be realized by causing a processor mounted on the computer to execute a program. .

  The file importance determination device 50 may be realized by previously installing the above-described program in a computer, a magnetic disk (flexible disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk ( Or the like, or may be realized by distributing the program to a computer as needed by distributing the program through a network such as a LAN or the Internet.

  The console output log storage unit 30, the importance determination data storage unit 60, the importance determination unit 90, and the statistical processing unit 120 are externally attached to a storage device such as a memory or a hard disk device built in the computer or the computer. It can be realized by appropriately using a storage device such as a memory or a hard disk device, or a removable storage medium such as a flexible disk.

  Further, an OS (operating system) running on the computer based on an instruction of a program installed in the computer from the storage medium, MW (middleware) such as database management software, network software, or the like implements the present embodiment. A part of each process may be executed. The number of storage media is not limited to one, and the case where the processing according to the present embodiment is executed from a plurality of media is also included in the storage medium of the present invention, and the media configuration may be any configuration.

  The above computer executes each process in the first embodiment based on a program stored in a storage medium, and a single device such as a personal computer or a plurality of devices are connected to a network. Any configuration such as a computer may be used. The above computer is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and collectively refers to devices and devices that can realize the functions of the present invention by a program.

  Next, the overall operation of the present embodiment will be described in detail with reference to the flowchart of FIG.

  FIG. 8 is a flowchart showing a processing procedure of the file importance determination device 50. The file importance determination device 50 activates the processing shown in FIG. 8 at a constant cycle as a batch job or in response to the file being updated.

  In step S110, the file importance determination device 50 selects one unselected file as a determination target file from among the files whose importance is to be determined. The file for which the importance level is to be determined is specified by a file name in advance by an importance level utilization program that uses the importance level, a computer administrator, or the like.

  In step S <b> 120, in the file importance determination device 50, the file open information extraction unit 150 extracts the executed program and the file list estimated to have opened the program from the console output log storage unit 30.

  In step S130, in the file importance determination apparatus 50, the statistical processing unit 120 calculates the statistical value related to the use of the file by applying the file open information extracted in step S120 to the statistical processing rule.

  In the file importance determination device 50 in step S140, the importance determination unit 90 refers to the importance conversion rule, and uses the statistical value relating to the use of the file calculated by the statistical processing unit 120 in step S130. Determine the importance. Specifically, as shown in FIG. 5, the importance level conversion rule is defined in the importance level determination unit 90, and the number of times the determination target file is opened by the statistical processing unit 120 is calculated as 110 times. If so, the importance level determination unit 90 determines the importance level to be 50.

  In step S150, in the file importance determination apparatus 50, the importance determination unit 90 stores the determined importance in the importance determination data storage unit 60.

  In step S160, the file importance determination device 50 confirms whether or not all the determination target files that are the targets of the importance determination have been selected. The file importance determination device 50 repeats the processing from step S110 to step S160 until “YES” can be determined. Thus, the importance level is determined for all the determination target files. If “YES” can be determined in step S160, the file importance determination device 50 ends the process shown in FIG.

  Next, the effect of this embodiment will be described.

  According to the first embodiment, the importance level of the file is determined based on the console output log measured and stored by the console output logging unit 20. That is, the statistical processing unit 120 uses the file open information measured by the console output monitoring unit 40 and stored in the console output log storage unit 30 based on the statistical processing rules defined in the statistical processing unit 120. Convert to statistics. Then, based on the obtained statistical value regarding the use of the file and the importance conversion rule defined in the importance determination unit 90, the importance determination unit 90 determines the importance of the program file. The importance obtained in this way can reflect the actual usage information of the file such as the number of times the file has been opened.

  For example, if you want to determine the importance of a file that is considered to have a large impact on your computer if it is tampered with, such as a file that is frequently opened, the statistical value related to the use of the file is called "number of times to open" And by appropriately setting importance conversion rules for converting this into importance, the importance reflecting the actual usage information of the file can be automatically determined. In addition, as shown in FIG. 6, by increasing the number of file usage statistics to be input to the importance conversion rule to 2 or more according to the purpose, the statistics on the usage of more files are important. As a result, improvement in the accuracy of importance can be expected.

  Next, a first embodiment of the present invention will be described with reference to the drawings. This example corresponds to the first embodiment of the present invention.

  This embodiment includes a keyboard as an input device, a personal computer as a data processing device, a magnetic disk device as a data storage device, and a display as an output device.

  The personal computer has a central processing unit that functions as console output monitoring means 40, importance level extraction means 80, importance level determination means 110, statistical processing means 140, and file open information extraction means 150. In addition, it has a magnetic disk device that functions as console output log storage means 30, importance level determination data storage means 70, importance level conversion rule storage means 100, and statistical processing rule storage means 130.

  It is assumed that a request for calculating the importance of the file “memo.txt” is issued from one of the programs included in the importance use program 10. Further, it is assumed that the rule shown in FIG. 4 is defined in the statistical processing rule. In order to obtain the importance level of the file “memo.txt”, the statistical processing unit 120 acquires the file open information from the console output log storage unit 30 through the file open information 150, and applies the statistical processing rule to this. , You need to find statistics on file usage.

  Here, the console output log is stored in the console output log storage means 30, and specifically has the contents shown in FIG. 9, for example. FIG. 9 is an example of a console output log in a general UNIX (registered trademark) system. Lines beginning with the symbol "$" indicate user input to the console, indicating the command name of the program and the arguments passed to the program. The line that does not start with "$" following the user input line is the output from the program (program execution result). Therefore, in order for the file open information retrieval unit 150 to estimate the file opened when the program “vi” is executed, first, a line indicating a user input (a line starting with the symbol “$”) is extracted from the console output log. Of these, the program whose command name matches "vi" is extracted, and it is sufficient to check whether the value passed as an argument is the specified file name.

  In order to calculate “file open count”, which is a statistical value related to file usage, using the statistical processing rule, the statistical processing unit 120 is a statistical processing procedure corresponding to the statistical value “file open count”. Apply "Aggregate the number of times the importance judgment target file is opened" to the file open information. That is, of the contents of the file open information extracted through the file open information extracting unit 150, the number of appearances of entries whose file name portion is “memo.txt” is totaled. The number of appearances represents the number of times the file “memo.txt” has been opened. Here, it is assumed that the file “memo.txt” has been opened 31 times.

  Next, it is assumed that the importance level determination unit 90 refers to the importance level conversion rule shown in FIG. In this importance level conversion rule, an importance level corresponding to “file open count” is defined. For example, the importance of a file opened 100 times or more and less than 500 times is defined as 50. The importance level determination unit 90 refers to the importance level conversion rule 31 times “memo.txt” opened by the statistical processing unit 120, and determines the importance level corresponding to “memo.txt” to be 5. . After determining the importance, the importance determination unit 90 stores the file name “memo.txt” and the corresponding importance value “5” in the importance determination data storage unit 60 in the format shown in FIG. To do.

  The importance stored in the importance determination data storage unit 60 is acquired by the importance use program 10 and used for the operation of the importance use program 10.

  As described above, in the first embodiment, the importance level conversion rule has been described as a conversion table from the statistical value to the importance level regarding the use of one or two files, but in addition to this, the use of an arbitrary number of files is also related. Define the importance conversion rules and determine the importance in other formats, such as conversion tables from statistical values to importance, and mathematical formulas and programs that calculate importance from statistics on the usage of any number of files Can do.

  In addition, the importance determination data storage unit 60 extracts importance, which is means for the importance determination data storage means 70 and means for using the importance utilization program 10 to extract the importance. The importance level extraction unit 80 may be outside the importance level determination data storage unit 60.

  The importance level determination unit 90 includes two elements: an importance level conversion rule storage unit 100 that is a unit for storing an importance level conversion rule, and an importance level determination unit 110 that is a unit for determining the importance level. However, the importance level conversion rule storage unit 100 may be outside the importance level determination unit 90. Further, the importance level conversion rule storage unit 100 may be omitted by incorporating an importance level conversion rule into a program that implements the importance level determination unit 110.

  The statistical processing unit 120 is composed of two elements, that is, a statistical processing rule storage unit 130 that is a unit for storing statistical processing rules and a statistical processing unit 140 that is a unit for performing statistical processing. The statistical processing rule storage unit 130 may be outside the statistical processing unit 120. Further, the statistical processing rule storage unit 130 may be omitted by incorporating a statistical processing rule in a program that implements the statistical processing unit 140.

  If the console output log generated by the console output monitoring unit 40 has already been subjected to statistical processing and can be directly converted into importance by the importance determination unit 90, the statistical processing unit 120 performs statistical processing. Instead, an unprocessed console output log may be passed as an input to the importance determination means 110.

  Next, FIG. 10 shows an embodiment in which the present invention is applied to a virus scan program, and shows a difference from an operation example of a normal virus scan program. Regular virus scanning programs regularly scan all files installed on your computer to make sure that it has not been tampered with or otherwise maliciously modified. Guarantee. In this method, since all files are scanned in one scan, there is a problem that the scan time for one scan increases as the number of files installed in the computer increases. In this case, for example, when 30 minutes is required for one scan, the minimum time from tampering to detection of tampering is 30 minutes at worst.

  Therefore, by using the present invention, the files to be scanned are grouped according to the importance, and the scan frequency is changed for each group, so that the scan time for one time is shortened and included in the high importance group. You can expect to increase the security of your computer by focusing on scanning only the files.

  Specifically, as shown in FIG. 10, the importance level is determined in advance by the file importance level determination device 50 for all files that the virus scanning program 10 is to scan. Next, the files are grouped according to the determined importance, and the scan interval is set appropriately. Specifically, for example, for a relatively low importance file having an importance level of less than 100, the scan interval is set to 60 minutes and the scan is performed at a long interval. For a relatively high importance file with an importance level of 100 or more, the scan interval is set to 5 minutes, and the scan is performed at a short interval. In this way, only important files can be intensively scanned at short intervals, so that it can be expected to shorten the time from tampering to detection of tampering.

  The present invention can be applied to uses such as a virus scanning program that searches for viruses from the entire computer, and an intrusion detection device that detects tampering and intrusion. In addition, weighting by importance of search results in search systems that search for files containing specific keywords from the entire computer installed in personal computers, etc., and weighting of backup priority by importance in backup systems It can also be applied to.

[BRIEF DESCRIPTION OF THE DRAWINGS] It is a block diagram which shows the structure of the best form for implementing 1st invention of this invention. It is a figure which shows the structure of a console output log. It is a figure which shows the structure of a statistical processing rule. It is a figure which shows the example of a definition of a statistical processing rule. It is a figure which shows the example of a definition of the file importance with respect to the frequency | count of opening of a file. It is a figure which shows the example of definition of the importance corresponding to the frequency | count of a file open, and the number of unique programs. It is a structure of the importance determination data of a file. It is a flowchart which shows the whole operation | movement of the best form for implementing this invention. It is a figure which shows an example of a console output log. It is a figure which shows the Example at the time of applying this invention to a virus scanning program. It is a block diagram which shows the structure of embodiment of a prior art. It is a flowchart which shows operation | movement of embodiment of a prior art.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Importance utilization program 20 ... Console output logging part 30 ... Console output log storage means 40 ... Console output monitoring means 50 ... File importance determination apparatus 60 ... Importance determination data storage part 70 ... Importance determination data storage means 80 ... Importance level extraction means 90 ... Importance level determination unit 100 ... Importance level conversion rule storage means 110 ... Importance level determination means 120 ... Statistical processing section 130 ... Statistical processing rule storage means 140 ... Statistical processing means 150 ... File open information extraction means

Claims (10)

  A file for analyzing the console output log read from the console output log storage means for storing a plurality of console output logs including the identifier of the started program and the argument passed to the program, and extracting the identifier of the file opened by the program An open information extracting unit, a statistical processing unit that performs statistical processing based on the identifier of the file extracted by the file open information extracting unit, and outputs a statistical value relating to the use of the file, and a file output from the statistical processing unit An importance determination unit that converts a statistical value related to the use of the file into an importance value of the file, and an importance determination data storage unit that stores the importance value of the file obtained by the importance determination unit. Feature file importance level judgment device.   2. The file importance determination apparatus according to claim 1, wherein the statistical value is a total number of times of opening for each file.   2. The file importance determination apparatus according to claim 1, wherein the statistical value is a unique number of identifiers of programs that have opened the file for each file.   Importance conversion rule storage means for storing an importance conversion rule indicating correspondence between the statistical value of the file and the importance value of the file is provided, and the importance determination unit refers to the importance conversion rule to determine the importance 4. The file importance determination device according to claim 1, wherein the file importance determination device according to claim 1 is determined.   The statistical processing rule storing means for holding a statistical processing rule that defines the predetermined statistical processing is provided, and the statistical processing unit executes the statistical processing defined by the statistical processing rule. 4. The file importance degree determination device according to any one of 3 above.   The importance extraction means for extracting the importance value of the file stored in the importance determination data storage unit from the importance use program, according to any one of claims 1 to 3. File importance determination device.   7. The file importance determination apparatus according to claim 6, wherein the importance use program is a backup program that adjusts the frequency of backup according to the importance of the file.   7. The file importance determination apparatus according to claim 6, wherein the importance use program is a virus scan program that adjusts the frequency of virus inspection according to the importance of the file. A method for determining the importance of a file using a computer,
The computer analyzes a console output log read from a console output log storage unit that stores a plurality of console output logs including a program identifier and an argument passed to the program, and extracts an identifier of a file opened by the program The first step;
A second step in which the computer performs statistical processing based on the identifier of the opened file and outputs a statistical value for each file;
A third step in which the computer converts the output statistical value for each file into a file importance value;
And a fourth step in which the computer stores a value of importance of the obtained file in an importance determination data storage unit. In a computer having console output log storage means for storing a plurality of console output logs including an identifier of a started program and an argument passed to the program,
A first process of analyzing a console output log read from the console output log storage means and extracting an identifier of a file opened by a program;
A second process of performing statistical processing based on the identifier of the opened file and outputting a statistical value for each file;
A third process for converting the output statistical value for each file into a file importance value;
A file importance determination program for performing a fourth process of storing the obtained importance value of a file in an importance determination data storage unit.

Images