PROBLEM TO BE SOLVED: To reduce a time spent from attack by an attack packet to its treatment and to reliably hold a trail of the attack.;SOLUTION: This traffic abnormality detection system is provided with: one or more repeating means for repeating a communication packet given to/received from each external network; one or more packet information holding means for holding passage history of each of the repeating means; an attack detection means for detecting flow in of the attack packet; a packet passage inquiry means for inquiring about whether or not the attack packet has passed through each repeating means when the attack is detected; a packet passage detecting means for referring to communication history of the packet information holding means in response to the inquiry and detecting the passage of the attack packet in each repeating means; and an invasion entrance specifying means for specifying a repeating means which has become an invasion entrance of the attack packet on the basis of the detection result from the packet passage detecting means about whether or not the attack packet has passed in each repeating means.;COPYRIGHT: (C)2008,JPO&INPIT
展开▼