INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

Title:

INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM

Document Type and Number:

WIPO Patent Application WO/2023/175953

Kind Code:

A1

Abstract:

This information processing device comprises: an extraction unit that extracts a first protocol and a port number from vulnerability explanation information; a first determination unit that (a) extracts a second protocol and a destination port number from a log obtained by an observation device performing communication using the first protocol and the port number, (b) uses the second protocol and the destination port number to find, during a preset determination period, the number of communication events in each of a plurality of sampling periods set in advance, and generates frequency distribution information, (c) calculates curve information by executing a smoothing process on the frequency distribution information, (d) calculates a processing result by executing a definite integral process on the curve information, and (e) determines the presence or absence of an actual attack using the processing result and a threshold; and a severity evaluation unit that calculates severity on the basis of abuse case presence/absence information included in vulnerability information, and the result of determining the presence or absence of an actual attack.

Inventors:

KAWAKITA MASARU (JP)

Application Number:

PCT/JP2022/012784

Publication Date:

September 21, 2023

Filing Date:

March 18, 2022

Export Citation:

Click for automatic bibliography generation Help

Assignee:

NEC CORP (JP)

International Classes:

G06F21/57

Domestic Patent References:

WO2019003373A1

2019-01-03

Foreign References:

JP2020113090A

2020-07-27

Other References:

TSUJIMOTO, MAKIKO; ASHINO, YUKI; NAKAMURA, YASUHIRO: "Access Pattern Modeling and Analysis for Minus-Day Detection of Zero-Day Attacks -Focusing Source Address Which Obsessed with a Specific Port", COMPUTER SECURITY SYMPOSIUM 2020; OCTOBER 26-29, 2020, INFORMATION PROCESSING SOCIETY OF JAPAN (IPSJ), vol. 2020, 19 October 2020 (2020-10-19) - 29 October 2020 (2020-10-29), pages 1002 - 1009, XP009549602

Attorney, Agent or Firm:

BRIGHTAS IP ATTORNEYS (JP)

Download PDF:

View/Download PDF PDF Help

Previous Patent: SNOWBLOWER

Next Patent: INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM