MONITORING DEVICE, MONITORING METHOD AND MONITORING PROGRAM

WIPO Patent Application WO/2018/186242

A1

In order to detect traffic abnormality with swiftness and high accuracy using flow information, an acquisition unit (15a) acquires a packet indicating flow information that a network apparatus outputs at a predetermined sampling rate, and a determination unit (15b) determines abnormality if, with respect to each predetermined traffic pattern, the sampling error rate is a predetermined upper limit or less, and the number of packets acquired during a predetermined count period before the present time or the mean value per unit time of the number of packets is a predetermined detection threshold or more.

KURAKAMI HIROSHI (JP)

PCT/JP2018/012566

October 11, 2018

March 27, 2018

Click for automatic bibliography generation  

NIPPON TELEGRAPH & TELEPHONE (JP)

H04L12/70

US20050210533A1	2005-09-22
US6182157B1	2001-01-30
JP2003069661A	2003-03-07

PHAAL, P. ET AL.: "Packet Sampling Basics", 31 October 2016 (2016-10-31), XP002350604, Retrieved from the Internet [retrieved on 20180604]
TAJIMA, HIROTAKA ET AL.: "Pragmatic NetFlow/sFlow configuration", JANOG23, JAPAN NETWORK OPERATOR'S GROUP MEETING, GREEN HALL IN KOCHI PREFECTURAL CULTURE HALL, 22-23 JANUARY 2009, 23 January 2009 (2009-01-23), pages 1 - 39, XP009516761, Retrieved from the Internet
NFDUMP, 2014, Retrieved from the Internet
FSTNETMON DDOS DETECTION TOOL, 27 February 2017 (2017-02-27), Retrieved from the Internet
PACKET SAMPLING BASICS, 3 March 2017 (2017-03-03), Retrieved from the Internet
See also references of EP 3591910A4

SAKAI INTERNATIONAL PATENT OFFICE (JP)

View/Download PDF      PDF Help

Previous Patent: MULTILAYER BODY, REFLECTION PREVENTING ARTICLE HAVING THREE-DIMENSIONAL CURVED SURFACE, AND METHOD F...

Next Patent: POLARIZER PRODUCTION METHOD