Analysis method, analysis device and analysis program
US10516685B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 25, 2016 |
| Grant date | Dec 24, 2019 |
| Priority date | — |
| Expiry date | Jul 25, 2036 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1441
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
To detect an attack on a web application accurately by accurately correlating different types of events that occurred in the same server, an event acquiring unit acquires a log of events containing an HTTP request to a server; an event correlator creates a set of the request and the events relevant to the request as an event block, using the process IDs of the processes that processed the events contained in the log; and an attack detector compares an event block created from the log of events in which an attack is to be detected with an event block created from normal events to calculate a degree of similarity and, when the degree of similarity is equal to or lower than a threshold, detects the event block as an event block containing an event that is abnormal due to an attack.
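The correlation and detection steps in the abstract can be sketched as follows; this is an added example, not code from the patent. The record layout `(pid, ppid, kind, detail)`, the inheritance of a request by child processes through the parent PID, the Jaccard measure and the 0.5 threshold are all assumptions, and both logs are constructed samples.

```python
# Constructed event records: (pid, ppid, kind, detail). The layout is an assumption.
NORMAL_LOG = [
    (100, 1, "http_request", "GET /index.php"),
    (100, 1, "file_read", "/var/www/index.php"),
    (100, 1, "db_query", "SELECT"),
    (101, 1, "http_request", "GET /index.php"),
    (101, 1, "file_read", "/var/www/index.php"),
    (101, 1, "db_query", "SELECT"),
]
TARGET_LOG = [
    (200, 1, "http_request", "GET /index.php"),
    (200, 1, "file_read", "/var/www/index.php"),
    (200, 1, "db_query", "SELECT"),
    (201, 1, "http_request", "GET /index.php"),
    (201, 1, "file_read", "/var/www/index.php"),
    (202, 201, "process_exec", "/bin/sh"),    # child of the request handler
    (202, 201, "file_read", "/etc/passwd"),
]

def build_event_blocks(log):
    """Group each HTTP request with later events from its process and descendants."""
    blocks = []    # one list of (kind, detail) per request
    current = {}   # pid -> block that process is currently contributing to
    for pid, ppid, kind, detail in log:
        if kind == "http_request":
            current[pid] = []              # a new request starts a new block
            blocks.append(current[pid])
        elif pid not in current and ppid in current:
            current[pid] = current[ppid]   # child process joins the parent's block
        if pid in current:
            current[pid].append((kind, detail))
    return blocks

def similarity(block, normal_blocks):
    """Degree of similarity: best Jaccard score against any normal block (assumed measure)."""
    a = set(block)
    return max(len(a & set(n)) / len(a | set(n)) for n in normal_blocks)

def detect(target_log, normal_log, threshold=0.5):
    """Return (score, flagged) per target block; flagged when score <= threshold."""
    normal = build_event_blocks(normal_log)
    results = []
    for block in build_event_blocks(target_log):
        score = similarity(block, normal)
        results.append((round(score, 2), score <= threshold))
    return results

if __name__ == "__main__":
    print(detect(TARGET_LOG, NORMAL_LOG))
```

Events from processes that cannot be traced back to a request by PID are left out of every block, so in this sketch only request-driven activity is scored.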
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.