Title:
EXTRACTION DEVICE, EXTRACTION METHOD, AND EXTRACTION PROGRAM
Document Type and Number:
WIPO Patent Application WO/2022/239147
Kind Code:
A1
Abstract:
An extraction device (10) collects log groups from a computer under investigation. It then refers to a rule in which a plurality of signatures indicating attacks on computers are arranged in an order characteristic of the attacks, and extracts from the collected data the log groups that match any of the signatures. From among the extracted log groups, it extracts each log group for which the longest common subsequence (LCS) between the chronological sequence of signatures matched by the logs of the log group and the signature sequence indicated in the rule is the longest. For each such log group, it calculates the variance of the time differences between chronologically adjacent logs in the log group. It then outputs, as an attack trace candidate, the LCS of the log group whose variance is the smallest among the extracted log groups.
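
The selection steps in the abstract (LCS against the rule, then smallest variance of inter-log time gaps), as an added Python example that is not code from the patent or its applicant. The rule `RULE`, the signature names, the group names and the timestamps are constructed, and treating a log group as a list of `(timestamp, signature)` pairs is an assumption.

```python
from statistics import pvariance

RULE = ["S1", "S2", "S3", "S4"]  # constructed rule: signatures in attack order

# Constructed log groups: (timestamp in seconds, matched signature).
GROUPS = {
    "grp-a": [(0, "S1"), (60, "S2"), (120, "S2"), (180, "S3"), (240, "S4")],
    "grp-b": [(0, "S1"), (5, "S2"), (900, "S3"), (905, "S4")],
    "grp-c": [(0, "S3"), (4, "S1"), (8, "S2")],
}

def lcs(seq, rule):
    """Indices into seq that form a longest common subsequence with rule."""
    n, m = len(seq), len(rule)
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if seq[i] == rule[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    picked, i, j = [], 0, 0
    while i < n and j < m:  # walk the table to recover one LCS
        if seq[i] == rule[j]:
            picked.append(i)
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return picked

def gap_variance(logs):
    """Variance of time differences between chronologically adjacent logs."""
    times = [t for t, _ in logs]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pvariance(gaps) if gaps else 0.0  # assumption: no gaps counts as 0

def select_candidate(groups, rule=RULE):
    """Keep the groups with the longest LCS, then pick the steadiest timing."""
    scored = []
    for name, logs in groups.items():
        logs = sorted(logs)  # chronological order
        scored.append((name, logs, lcs([s for _, s in logs], rule)))
    best = max(len(idx) for _, _, idx in scored)
    finalists = [s for s in scored if len(s[2]) == best]
    name, logs, idx = min(finalists, key=lambda s: gap_variance(s[1]))
    return name, [logs[i] for i in idx]

if __name__ == "__main__":
    print(select_candidate(GROUPS))
```

Here `grp-c` drops out on LCS length, and `grp-a` beats `grp-b` because its gaps are evenly spaced, so the variance step acts as the tie-breaker between groups that match the rule equally well.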

Inventors:
OCHI YUKI (JP)
HISADA YUSUKE (JP)
Application Number:
PCT/JP2021/018049
Publication Date:
November 17, 2022
Filing Date:
May 12, 2021
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/55
Domestic Patent References:
WO2016147944A1 2016-09-22
WO2018159362A1 2018-09-07
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)