Title:
攻撃情報管理システム、攻撃情報管理装置、攻撃情報管理方法及びプログラム
Document Type and Number:
Japanese Patent JP5650617
Kind Code:
B2
Abstract:
PROBLEM TO BE SOLVED: To provide a technique capable of extracting a region having a high possibility that pieces of attack information collected by different honeypots are mixed.SOLUTION: Attack information is received, and a combination of the attack information and the type of a decoy system that has collected the attack information is stored in an attack information management table. An attack information analyzer is inquired about a cluster to which the attack information belongs so as to perform clustering of the attack information, and a cluster identifier representing the cluster to which the attack information belongs is stored in the attack information management table. In a case where, in a cluster management table storing a combination of cluster identifiers and cluster attributes representing whether or not pieces of attack information belonging to the clusters have been obtained from plural types of decoy systems, the clustering has resulted in a change in correspondences between the cluster identifiers and the cluster attributes, the cluster management table is altered.
Inventors:
八木 毅
針生 剛男
針生 剛男
Application Number:
JP2011223722A
Publication Date:
January 07, 2015
Filing Date:
October 11, 2011
Export Citation:
Assignee:
日本電信電話株式会社
International Classes:
H04L12/70; H04L12/24
Attorney, Agent or Firm:
Naoki Nakao
Yukio Nakamura
Munehiro Yoshimura
Yukio Nakamura
Munehiro Yoshimura