LOG ANALYSIS DEVICE, ATTACK DETECTION DEVICE, ATTACK DETECTION METHOD AND PROGRAM

摘要

There are provided a storage unit (12) that stores a profile that is a criteria for determining whether it is an attack on an information processing apparatus, a parameter extracting unit (31) that extracts each parameter from an access request, a character-string class converting unit (32) that, with regard to each parameter, compares each part of a parameter value with a previously defined character string class, replaces the part with a longest matching character string class, and conducting conversion for a class sequence that is sequentially arranged in order of replacement, a profile storing unit (43) that stores, as a profile in the storage unit (12), a class sequence with the appearance frequency of equal to or more than a predetermined value in the above-described group of class sequences with regard to the access request of the normal data as learning data, and a failure detecting unit (53) that determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile with regard to the access request as the analysis target.