Attack detecting device, attack detection system and attack detection method

摘要

PROBLEM TO BE SOLVED: To allow for appropriate detection of network attack, detection of which is difficult by simple comparison of the packet count of flow with a threshold.SOLUTION: A server device 3 has a packet count information acquisition unit 311 for acquiring, from a transfer device having a packet count function, packet count information associating the count of packets of a monitoring object flow passed through the transfer device with each passing time of the packet of a counted monitoring object flow, a burst duration measurement unit 332 for measuring a burst duration where such a burst state as the packet interval of the monitoring object flow is less than a certain time interval continues, based on the packet count information, and an aggression detector 333 for detecting attack to the monitoring object flow, based on the comparison result the burst duration of the monitoring object flow measured by the burst duration measurement unit 332 and a predetermined threshold.SELECTED DRAWING: Figure 4