ILLICIT COMMAND/DATA DETECTING SYSTEM, ILLICIT COMMAND/DATA DETECTING METHOD AND ILLICIT COMMAND/DATA DETECTING PROGRAM

摘要

PROBLEM TO BE SOLVED: To defend against an attack by an illicit command or data of a new pattern.;SOLUTION: A signature table 25 stores a signature for characterizing the illicit command/data. A heuristic inspection means 22 has a decision criterion for inspecting whether or not an inspection object command/data includes characteristic appearing in the illicit command/data and an evaluation value for indicating a probability for expressing command/data illicit in this characteristic. A signature inspection means 21 determines the command/data as illicit when the command/data includes the signature, and delivers the command/data to the heuristic inspection means 22 when the command/data does not include the signature. The heuristic inspection means 22 inspects the command/data in a plurality of decision criteria, and determines a value as illicit when the sum of the evaluation values of the decision criteria including the characteristics exceeds an evaluation threshold, and stores the command/data in a log file 23. A signature extracting means 24 stores the signature exceeding an inspection threshold on the appearing number of the same signature in the log file 23 in a signature table 25.;COPYRIGHT: (C)2004,JPO