Attacking node detection apparatus, method, and non-transitory computer readable storage medium thereof

Assignee

• INSTITUTE FOR INFORMATION INDUSTRY · TW

Inventors

• Chia-Min Lai · New Taipei, TW
• Ching-Hao Mao · Taipei, TW
• Chih-Hung Hsieh · New Taipei, TW
• Te-En Wei · Taipei, TW
• Chi-Ping Lai · Chunri, TW

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2135
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An attacking node detection apparatus, method, and computer program product thereof are provided. The attacking node detection apparatus stores a plurality of access records of an application, wherein each access record includes a network address of a host and an access content. The attacking node detection apparatus filters the access records into a plurality of filtered access records according to a predetermined rule so that the access content of each filtered access record conforms to the predetermined rule. The attacking node detection apparatus creates at least one access relation of each of the network addresses according to the filtered access records, wherein each access relation is defined by one of the network addresses and one of the access contents. The attacking node detection apparatus identifies a specific network address as an attacking node according to the access relations.