Log analyzing device, attack detecting device, attack detection method, and program
US10243982B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 1, 2015 |
| Grant date | Mar 26, 2019 |
| Priority date | — |
| Expiry date | Aug 3, 2035 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N20/00
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A device including: a parameter extracting unit that extracts each parameter from an access request; a character-string class converting unit that, for each parameter, compares each part of the parameter value with previously defined character string classes, replaces the part with the longest matching character string class, and converts the value into a class sequence in which the classes are arranged in order of replacement; a profile storing unit that, for access requests of normal data used as learning data, stores as a profile in a storage unit each class sequence whose appearance frequency in the above-described group of class sequences is equal to or more than a predetermined value; and a failure detecting unit that, for an access request, determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile.
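The pipeline in the abstract, sketched as an added example that is not code from the patent: parameters are extracted, each value becomes a class sequence by longest match, frequent sequences from normal traffic form the profile, and a request is flagged when its similarity to the profile is low. The class definitions, the `min_count` and `threshold` values, the use of `difflib.SequenceMatcher` as the similarity measure, and the sample requests are all assumptions constructed here.

```python
import re
from collections import Counter, defaultdict
from difflib import SequenceMatcher
from urllib.parse import urlsplit, parse_qsl

# Assumed character string classes (the abstract does not list them).
CLASSES = [("numeric", re.compile(r"[0-9]+")),
           ("alpha", re.compile(r"[A-Za-z]+")),
           ("alnum", re.compile(r"[A-Za-z0-9]+")),
           ("space", re.compile(r"\s+")),
           ("symbol", re.compile(r"[^A-Za-z0-9\s]+"))]

def extract_params(request_target):
    """Parameter extraction: (name, decoded value) pairs from the query string."""
    return parse_qsl(urlsplit(request_target).query, keep_blank_values=True)

def to_class_sequence(value):
    """Replace each part of the value with the longest matching class, in order."""
    seq, i = [], 0
    while i < len(value):
        hits = [(m.end() - i, name) for name, rx in CLASSES if (m := rx.match(value, i))]
        length, name = max(hits, key=lambda h: h[0])  # ties go to the earlier class
        seq.append(name)
        i += length
    return tuple(seq)

def learn_profile(normal_requests, min_count=2):
    """Keep, per parameter, the class sequences seen at least min_count times."""
    counts = defaultdict(Counter)
    for req in normal_requests:
        for name, value in extract_params(req):
            counts[name][to_class_sequence(value)] += 1
    return {n: {s for s, c in ctr.items() if c >= min_count} for n, ctr in counts.items()}

def detect(request_target, profile, threshold=0.8):
    """Return {parameter: best similarity} for parameters below the threshold."""
    flagged = {}
    for name, value in extract_params(request_target):
        seq = to_class_sequence(value)
        best = max((SequenceMatcher(None, seq, p).ratio()
                    for p in profile.get(name, ())), default=0.0)
        if best < threshold:
            flagged[name] = round(best, 2)
    return flagged

# Constructed learning data standing in for normal access requests.
NORMAL = ["/item?id=101&name=blue+shirt", "/item?id=7&name=red+hat",
          "/item?id=4432&name=green+scarf", "/item?id=12&name=sock"]
PROFILE = learn_profile(NORMAL)
```

Because `name=sock` appears only once in the learning data, its single-class sequence stays out of the profile, so a later one-word `name` value would also score below the threshold; the frequency cutoff and similarity threshold trade false positives against coverage.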
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.