Data determination apparatus, data determination method, and computer readable medium
US-2017279622-A1 · Sep 28, 2017 · US
US11070577B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11070577-B2 |
| Application number | US-201716468544-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 20, 2017 |
| Priority date | Jan 20, 2017 |
| Publication date | Jul 20, 2021 |
| Grant date | Jul 20, 2021 |
Official abstract text for this publication.
An allowed communication list conversion unit (123) assigns one or more flags to request communication and response communication, between which a correspondence relationship is described in a detection rule, and describes, in an allowed communication list, details of a flag operation specifying a value to be set to the flag and a flag condition for determining whether the value to be set is set in the flag, in association with each other. A determination unit (103) sets the value after determining that communication data on the request communication is normal, determines whether the value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal, and determines that the communication data on the response communication is normal when the value is set, to thereby reset the flag.
Opening claim text (preview).
The invention claimed is:

1. A data determination device, comprising: a flag manager to store a current value of a flag set for an own device; a state manager to store a current operation state of the own device transitioning between a plurality of operation states, and to cause the operation state of the own device to transition in accordance with a state transition model defining transition between the plurality of operation states, according to any one or more of an input signal from an outside and the current value of the flag stored in the flag manager; an allowed communication list converter to convert a detection rule, which describes a correspondence relationship between communication data indicating request communication and communication data indicating response communication to the request communication, into an allowed communication list registering in advance communication data for which communication is allowed for each of the plurality of operation states; and a determiner to determine whether communication data input to the own device is communication data in the current operation state registered in the allowed communication list by using any one or more of the current operation state of the own device stored in the state manager, the allowed communication list, and the current value of the flag stored in the flag manager, to thereby determine whether the communication data input to the own device is normal or abnormal, wherein the allowed communication list converter is configured to, when converting the detection rule into the allowed communication list: assign a flag to each of the request communication and the response communication, between which the correspondence relationship is described in the detection rule; and describe, in the allowed communication list, details of a flag operation specifying a set value to be set to the flag and a flag condition for determining whether the set value is set in the flag, in association with each other, and wherein the determiner is configured to: set the set value in the flag in accordance with the details of the flag operation after determining that communication data on the request communication is normal; determine whether the set value is set in the flag based on the flag condition when determining whether communication data on the response communication to the request communication is normal; and determine that the communication data on the response communication is normal when the set value is set, to thereby reset the flag.

2. The data determination device according to claim 1, further comprising a warner to issue a warning when the determiner determines that the communication data on the request communication or the communication data on the response communication is abnormal.

3. The data determination device according to claim 1, further comprising a timer to measure a continuation period in which the current operation state of the own device has continued, wherein the state manager is configured to cause the operation state of the own device to transition in accordance with the state transition model according to any one or more of an input signal from the outside, a timer current value of the timer, and the current value of the flag stored in the flag manager, and wherein the determiner is configured to determine whether the communication data input to the own device is communication data in the current operation state registered in the allowed communication list by using any one or more of the current operation state of the own device stored in the state manager, the allowed communication list, and the current timer value from the timer, and the current value of the flag stored in the flag manager.

4. The data determination device according to claim 1, wherein the allowed communication list converter is configured to: sort pieces of the communication data in the allowed communication list in priority order of operation state, transmission source, and transmission destination, or in priority order of operation state, transmission destination, and transmission source; and assign the sorted orders to the pieces of the communication data as indices, wherein the allowed communication list converter is configured to create a list representing: an index head number indicating a head pointer for specifying a search range of the sorted allowed communication list to be referred to; and a number of searches, based on the operation state, information on the transmission source, and information on the transmission destination, and wherein the determiner is configured to: acquire the current operation state of the own device from the state manager, and acquire the information on the transmission source and the information on the transmission destination from the communication data serving as a determination target; extract, from the list, the index head number and the number of searches based on the current operation state, the information on the transmission source, and the information on the transmission destination; identify the search range to be referred to in the sorted allowed communication list based on the index head number and the number of searches; and compare the communication data in the allowed communication list satisfying the search range with the communication data serving as the determination target, to thereby determine whether the communication data serving as the determination target is normal or abnormal.

5. The data determination device according to claim 1, wherein the state transition model further defines transition of the operation state according to a result of determination output by the determiner.

6. The data determination device according to claim 1, wherein the determiner is configured to cut off communication of the communication data when the determiner determines that the communication data is abnormal.

7. A data determination method, comprising: storing a current value of a flag set for an own device; causing an operation state of the own device to transition and storing a current operation state of the own device in accordance with a state transition model defining transition between a plurality of operation states of the own device according to any one or more of an input signal from an outside and the current value of the flag; converting a detection rule, which describes a correspondence relationship between communication data indicating request communication and communication data indicating response communication to the request communication, into an allowed communication list registering in advance communication data for which communication is allowed for each of the plurality of operation states; and determining whether communication data input to the own device is communication data in the current operation state registered in the allowed communication list by using any one or more of the current operation state of the own device, the allowed communication list, and the current value of the flag, to thereby determine whether the communication data input to the own device is normal or abnormal, wherein the method includes, when converting the detection rule into the allowed communication list: assigning a flag to each of the request communication and the response communication, between which the correspondence relationship is described in the detection rule; and describing, in the allowed communication list, details of a flag operation specifying a set value to be set to the flag and a flag condition for determining whether the set value is set in the flag, in association with each other, and wherein the method includes: setting the set value in the flag in accordance with the details of the flag operation after determining that communi
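The request/response flag mechanism of the abstract and claim 1, written out as an added illustrative example (not code from the patent): the converter assigns one flag per detection rule and records the flag operation on the request entry and the flag condition on the response entry, and the determiner sets the flag after a normal request, requires and then resets it on the matching response. The `RUN` operation state, the `hmi`/`plc` endpoints and the `read_req`/`read_resp` payloads are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Comm:
    src: str       # transmission source
    dst: str       # transmission destination
    payload: str   # simplified stand-in for the communication data

@dataclass
class Entry:
    state: str                       # operation state in which this entry is allowed
    comm: Comm
    set_flag: Optional[str] = None   # flag operation: set after a normal request
    need_flag: Optional[str] = None  # flag condition: must be set (then reset) for a response

def convert_detection_rules(rules):
    """Allowed communication list converter: each detection rule pairs a
    request with its response; both get the same freshly assigned flag."""
    allowed = []
    for i, (state, request, response) in enumerate(rules):
        flag = f"flag{i}"
        allowed.append(Entry(state, request, set_flag=flag))
        allowed.append(Entry(state, response, need_flag=flag))
    return allowed

class Determiner:
    def __init__(self, allowed, state):
        self.allowed = {(e.state, e.comm): e for e in allowed}
        self.state = state   # current operation state from the state manager
        self.flags = set()   # flag manager: flags whose set value is currently set

    def determine(self, comm):
        entry = self.allowed.get((self.state, comm))
        if entry is None:
            return "abnormal"             # not registered for the current state
        if entry.need_flag is not None:
            if entry.need_flag not in self.flags:
                return "abnormal"         # response without a preceding normal request
            self.flags.discard(entry.need_flag)   # reset the flag once consumed
        if entry.set_flag is not None:
            self.flags.add(entry.set_flag)
        return "normal"

# Constructed detection rule: in state RUN, hmi->plc read_req is answered by plc->hmi read_resp.
RULES = [("RUN", Comm("hmi", "plc", "read_req"), Comm("plc", "hmi", "read_resp"))]

def demo():
    d = Determiner(convert_detection_rules(RULES), "RUN")
    seq = [Comm("plc", "hmi", "read_resp"),   # abnormal: no request seen yet
           Comm("hmi", "plc", "read_req"),    # normal: sets flag0
           Comm("plc", "hmi", "read_resp"),   # normal: consumes flag0
           Comm("plc", "hmi", "read_resp")]   # abnormal: repeated response
    return [d.determine(c) for c in seq]
```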
Event detection, e.g. attack signature detection · CPC title
Access control lists [ACL] · CPC title
Filtering by information in the payload · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Stateful filtering · CPC title