While the digitalization and communication networking in nuclear power plants are progressing and improving the convenience and efficiency, the threat of cyber-attacks is also increasing dramatically, and the security measures in nuclear power plants are becoming very important. In the security measures of nuclear power plants, measures against internal threats are especially important. Since it is difficult to prevent internal threats completely due to their nature, one of the measures against internal threats is to clarify the cause and the scope of influence promptly when an incident occurs. We developed a method to collect the necessary information simply and reliably without affecting the performance of the system, and confirmed its performance by conducting performance tests in an environment that simulates the control network configuration of a nuclear power plant.