ATTACK DETECTION DEVICE, ATTACK DETECTION SYSTEM, ATTACK DETECTION METHOD, AND ATTACK DETECTION PROGRAM

摘要

PROBLEM TO BE SOLVED: To obtain an attack detection device capable of detecting cyber-attacks that exploit vulnerabilities in an early stage and reducing a processing load by adjusting an execution cycle of detection rules.;SOLUTION: The attack detection device includes: a vulnerability information record DB for storing vulnerability information detected in the past by the attack detection device; a vulnerability information acquisition unit for acquiring new vulnerability information; a configuration information DB for storing configuration information regarding a plurality of component devices; a target device determination unit for determining a vulnerable component device as a target device from the new vulnerability information and the configuration information; a detection rule determination unit for determining a detection rule in which the target device and a component device match from the determination result of the target device determination unit and the detection rule; a risk value calculation unit for calculating a risk value of the vulnerability from the new vulnerability information; and an execution cycle updating unit for updating so that the execution cycle of performing the detection rule determined in accordance with the increase in the risk value is shortened.;SELECTED DRAWING: Figure 1;COPYRIGHT: (C)2020,JPO&INPIT