
ATTACK TRAFFIC DETECTING METHOD AND ATTACK TRAFFIC DETECTING DEVICE


Abstract

PROBLEM TO BE SOLVED: To reduce false detection and missed detection of attack packets by monitoring attacks at different monitoring intervals and setting the threshold for each monitoring interval according to the attack success or failure probability.

SOLUTION: In the attack traffic detecting method, a plurality of monitoring intervals are held and defined as $T_1$, $T_2$, ..., $T_n$ in ascending order. When the attack success or failure probability is given as $F(R, T)$ for an attack packet rate $R$ and an attack duration $T$, the value $r_i$ that satisfies $F(r_i, T_{i+1}a_i)e_i$ for predetermined parameters $a_i$ and $e_i$ is set as the threshold $r_i$ for the monitoring interval $T_i$. The acquired number of packets is divided by the monitoring interval $T_i$ to calculate the rate $R_i$. When the rate $R_i$ exceeds the threshold $r_i$ in any one of the plurality of monitoring intervals, the traffic is detected as attack traffic.

COPYRIGHT: (C)2010, JPO&INPIT
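As an added illustration (not code from the patent), the sketch below applies the per-interval rate check described in the abstract to constructed packet timestamps, showing a short burst tripping only the shortest interval and a sustained low-rate flow tripping only the longest. The interval lengths, thresholds and function names are assumptions; the thresholds are supplied directly rather than derived from $F(R, T)$, which the abstract does not define.

```python
from bisect import bisect_right

# Assumed (T_i seconds, r_i packets/second) pairs, T_i ascending. Constructed
# values: the abstract derives each r_i from F(R, T), which it does not define.
INTERVALS = [(1.0, 500.0), (10.0, 120.0), (60.0, 40.0)]


def detect(timestamps, now, intervals=INTERVALS):
    """Return (T_i, R_i, r_i) for each interval whose rate R_i exceeds r_i."""
    ts = sorted(timestamps)
    end = bisect_right(ts, now)
    hits = []
    for T, r in intervals:
        # Packets observed in the window (now - T, now].
        count = end - bisect_right(ts, now - T)
        R = count / T  # R_i = packets / T_i
        if R > r:
            hits.append((T, R, r))
    return hits


def is_attack(timestamps, now, intervals=INTERVALS):
    """Attack traffic is reported when any one interval trips its threshold."""
    return bool(detect(timestamps, now, intervals))


# Constructed traffic, all observed at now = 60.0 s.
BURST = [59.0 + (k + 1) / 600 for k in range(600)]   # 600 packets in the last 1 s
SLOW = [(k + 1) / 50 for k in range(3000)]           # steady 50 pps for 60 s
BENIGN = [(k + 1) / 20 for k in range(1200)]         # steady 20 pps for 60 s

if __name__ == "__main__":
    for name, pkts in (("burst", BURST), ("slow", SLOW), ("benign", BENIGN)):
        print(name, is_attack(pkts, 60.0), detect(pkts, 60.0))
```

A single 1-second monitor with these thresholds would miss the 50 pps flow, and a single 60-second monitor would miss the burst.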