
LOG ANALYSIS DEVICE, ATTACK DETECTION DEVICE, ATTACK DETECTION METHOD AND PROGRAM


Abstract

Provided are: a storage unit (12) that stores a profile serving as the criterion for determining whether an access is an attack on an information processing apparatus; a parameter extracting unit (31) that extracts each parameter from an access request; a character-string class converting unit (32) that, for each parameter, compares each part of the parameter value with previously defined character string classes, replaces each part with the longest matching character string class, and converts the value into a class sequence in which the classes are arranged in order of replacement; a profile storing unit (43) that, for access requests of normal data used as learning data, stores in the storage unit (12), as the profile, each class sequence whose appearance frequency in the resulting group of class sequences is equal to or greater than a predetermined value; and a failure detecting unit (53) that, for an access request that is the analysis target, determines the presence or absence of an attack according to the degree of similarity between its class sequence and the profile.
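The pipeline in the abstract, sketched as an added example (not code from the patent): parameter extraction, longest-match class conversion, frequency-based profile learning, and similarity-based detection. The class definitions, the difflib similarity measure, the thresholds and the sample requests are all assumptions, since the abstract does not specify them.

```python
import re
from collections import Counter
from difflib import SequenceMatcher
from urllib.parse import urlsplit, parse_qsl

# Assumed character string classes; the abstract does not enumerate them.
CLASSES = [(n, re.compile(p)) for n, p in [
    ("url", r"https?://[^\s&]+"), ("ip", r"\d{1,3}(?:\.\d{1,3}){3}"),
    ("hex", r"0x[0-9a-fA-F]+"), ("numeric", r"\d+"), ("alpha", r"[A-Za-z]+"),
    ("space", r"\s+"), ("symbol", r"[^\sA-Za-z0-9]+")]]

def to_class_sequence(value):
    """Replace each part of the value with its longest-matching class."""
    seq, i = [], 0
    while i < len(value):
        # Every character is alpha, numeric, space or symbol, so one class always matches.
        name, m = max(((n, rx.match(value, i)) for n, rx in CLASSES),
                      key=lambda c: c[1].end() if c[1] else -1)
        seq.append(name)
        i = m.end()
    return tuple(seq)

def params(request):
    """Extract (name, value) pairs from the query string, percent-decoded."""
    return parse_qsl(urlsplit(request).query, keep_blank_values=True)

def learn_profile(normal_requests, min_count=2):
    """Keep, per parameter, class sequences seen at least min_count times."""
    counts = Counter((k, to_class_sequence(v))
                     for r in normal_requests for k, v in params(r))
    profile = {}
    for (k, seq), c in counts.items():
        if c >= min_count:
            profile.setdefault(k, set()).add(seq)
    return profile

def flagged_params(request, profile, threshold=0.8):
    """Return parameters whose best similarity to the profile is below threshold."""
    out = []
    for k, v in params(request):
        seq = to_class_sequence(v)
        # Assumed similarity: difflib ratio over class sequences; unseen parameters score 0.
        best = max((SequenceMatcher(None, seq, p).ratio()
                    for p in profile.get(k, ())), default=0.0)
        if best < threshold:
            out.append(k)
    return out

# Constructed learning data: normal access requests to a hypothetical /search endpoint.
NORMAL = ["/search?q=network+logs&page=2", "/search?q=firewall&page=1",
          "/search?q=tls+config&page=10", "/search?q=audit&page=3"]
PROFILE = learn_profile(NORMAL)
```

Because the profile holds class sequences rather than literal values, a previously unseen but structurally normal value such as `q=disk+usage` still matches, while a value that mixes quotes, operators and digits does not.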
