Title:
DETECTION DEVICE, DETECTION METHOD, AND DETECTION PROGRAM
Document Type and Number:
WIPO Patent Application WO/2020/261582
Kind Code:
A1
Abstract:
A detection device (10) collects communication information in a network containing clients and servers, and uses the collected communication information to generate a matrix representing the access state of the clients with respect to the servers. The detection device (10) then aggregates a plurality of clients that have accessed a subject server, and generates, as a characteristic amount for the subject server, a statistical value for the degree of similarity of the matrices among the aggregated clients. Next, for a subject server for which it is known whether the server is a malicious server, the detection device (10) uses the generated characteristic amount to learn a model for determining whether a server is a malicious server. In addition, for a subject server for which it is not known whether the server is a malicious server, the detection device (10) uses the generated characteristic amount and the model to determine whether the subject server is a malicious server.
Inventors:
HU BO (JP)
KAMIYA KAZUNORI (JP)
ARAKI SHOHEI (JP)
KAMIYA KAZUNORI (JP)
ARAKI SHOHEI (JP)
Application Number:
PCT/JP2019/025987
Publication Date:
December 30, 2020
Filing Date:
June 28, 2019
Export Citation:
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/55
Foreign References:
| JP2019047335A | 2019-03-22 | |||
| US9060018B1 | 2015-06-16 |
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)
Download PDF: