Title:
INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING PROGRAM
Document Type and Number:
WIPO Patent Application WO/2020/075333
Kind Code:
A1
Abstract:
This information processing device (10) includes: an element extraction unit (151) which extracts, for each input log, an element pertaining to a behavior of an attacker; a generation unit (152) which generates a parsing apparatus for detecting, from a log, a log column having the characteristics corresponding to a behavior defined in definition information on the basis of the definition information that defines the behavior of the attacker by using formal grammar; a parsing unit (153) which detects, by using the parsing apparatus, the log column having the characteristics corresponding to the behavior defined in the definition information from a log formed from the elements extracted from the element extraction unit; and a reconstruction unit (154) which reconstructs the log column detected by the parsing apparatus, adds a label representing the behavior defined in the definition information to each log column after the reconstruction, and outputs the label-added log column as the log corresponding to a series of behaviors of the attacker.

Inventors:
CHIDA NARIYOSHI (JP)
KANEMOTO YO (JP)
AOKI KAZUFUMI (JP)
Application Number:
PCT/JP2019/019976
Publication Date:
April 16, 2020
Filing Date:
May 20, 2019
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/55
Domestic Patent References:
WO2014045827A1 (2014-03-27)
Foreign References:
US20080010680A1 (2008-01-10)
Other References:
YAMAGUCHI, SATOSHI ET AL.: "Exploiting the application-layer context for precise NIDS. IPSJ SIG Technical Report", NIDS, vol. 2005, no. 79, 3 August 2005 (2005-08-03), pages 9 - 16, XP055702247
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)