INTRUSION POINT IDENTIFICATION DEVICE AND INTRUSION POINT IDENTIFICATION METHOD

An intrusion point identification device (10) includes: a threat information collector (130) that collects and stores threat information including identification information, route information, and discovery information, the identification information identifying a moving body into which a threat has intruded among one or more moving bodies, the route information indicating a route through which the threat has intruded into the moving body among a plurality of routes included in the moving body, the discovery information indicating a discovery date of an attack by the threat that has intruded into the moving body; a vehicle log collector (140) that collects logs, extracts, from the collected logs, histories of points that indicate locations of the one or more moving bodies within a predetermined period, and stores the histories of the points as history information, the logs indicating points that indicate locations of the one or more moving bodies in association with dates and times, the predetermined period being set based on the discovery information; an intrusion point identification unit (150) that identifies an intrusion point of the threat from a first attack source through a first route among the points indicated in the history information stored in the vehicle log collector (140); and an intrusion point notifier (160) that outputs the point identified by the intrusion point identification unit (150).