FEATURE QUANTITY EXTRACTING METHOD FOR DETECTING ABNORMALITY OF NETWORK, PROGRAM FOR ALLOWING COMPUTER TO EXECUTE THE METHOD, FEATURE QUANTITY EXTRACTING APPARATUS, AND NETWORK ABNORMALITY DETECTING SYSTEM

摘要

PROBLEM TO BE SOLVED: To provide a feature quantity extracting method for detecting abnormality of a network or the like enhancing detection accuracy of an illegitimate access such as an attack by using an abnormality detection system.;SOLUTION: The method segments an observation slot by a feature quantity extracting section 13a on the basis of an event including traffic such as a SYN packet as a feature quantity capturing a quantitative change in the traffic delivered from the Internet 11 to a network of a LAN 12 to extract the feature quantity. A data generating section 13b generates a distribution pattern of the traffic on the basis of the feature quantity, and the feature quantity extracting apparatus compares a distribution pattern in an ordinary state of the network with a distribution pattern in operation to detect the abnormality state of the network.;COPYRIGHT: (C)2005,JPO&NCIPI