
LOG ANALYSIS DEVICE, ATTACK DETECTION DEVICE, ATTACK DETECTION METHOD AND PROGRAM

Abstract

The log analysis device has: a storage unit (12) for storing a profile that serves as the criterion for determining whether an attack is present; a parameter extraction unit (31) that extracts the parameters from an access request; a character string class conversion unit (32) that, for each parameter, compares each part of the parameter value with predefined character string classes and replaces the part with the character string class whose matching length is the longest, thereby converting the parameter into a class sequence in which the character string classes are arranged in order of replacement; a profile storage unit (43) that, from the set of class sequences obtained from access requests of normal data used as learning data, stores in the storage unit (12), as the profile, the class sequences whose frequency of occurrence is greater than or equal to a specified value; and an abnormality detection unit (53) that determines whether the access request under analysis is an attack according to the similarity between its class sequence and the profile.
