Abstract

PROBLEM TO BE SOLVED: To provide a technique that reduces the labor, time and resources required for data analysis when taking countermeasures against security violations, enabling quick and efficient analysis and detection.

SOLUTION: A data analysis system includes: a data collection part that collects log data, including numerical data of resource state measurement values, from a computing machine of a control target system; an analysis target determination part that determines the log data to be narrowed down as an analysis target by analyzing the numerical data on the basis of rule information; and a data analysis part that performs analysis processing on the log data narrowed down as the analysis target so as to detect a security-violating activity. The analysis target determination part compares feature amounts of the determination target computing machine and time zones with reference values of the comparison object computing machine and time zones, determines an abnormal condition when the rules are satisfied, and selects the computing machine, time zone(s) and log data corresponding to the abnormal condition as the analysis target.

SELECTED DRAWING: Figure 2
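The narrowing step described in the SOLUTION paragraph, as an added Python example that is not code from the patent. It assumes that "time zones" are hourly windows, that the feature amount is mean CPU utilisation, that reference values are medians over peer machines and over the same machine's other windows, and that the rule information is a pair of ratio thresholds; all names, thresholds and sample records are constructed.

```python
from statistics import median

# Constructed sample: CPU utilisation (%) keyed by (machine, hour window).
METRICS = {
    ("web01", 9): 22.0, ("web02", 9): 25.0, ("web03", 9): 24.0,
    ("web01", 10): 23.0, ("web02", 10): 91.0, ("web03", 10): 26.0,
    ("web01", 11): 21.0, ("web02", 11): 27.0, ("web03", 11): 25.0,
}

# Constructed log records: (machine, hour window, message).
LOGS = [
    ("web01", 10, "GET /index.html 200"),
    ("web02", 10, "sshd: Accepted password for svc from 203.0.113.7"),
    ("web02", 10, "cron: job 4411 started"),
    ("web02", 11, "GET /health 200"),
    ("web03", 9, "GET /index.html 200"),
]

# Hypothetical rule information: a window is abnormal when its value
# exceeds both reference values by these factors.
RULES = {"peer_ratio": 2.0, "self_ratio": 2.0}


def select_targets(metrics, rules):
    """Return the (machine, window) pairs judged abnormal under the rules."""
    targets = set()
    for (host, hour), value in metrics.items():
        # Reference 1: other machines in the same window.
        peers = [v for (h, t), v in metrics.items() if t == hour and h != host]
        # Reference 2: the same machine in other windows.
        own = [v for (h, t), v in metrics.items() if h == host and t != hour]
        if not peers or not own:
            continue  # no reference value available, so no determination
        if (value > rules["peer_ratio"] * median(peers)
                and value > rules["self_ratio"] * median(own)):
            targets.add((host, hour))
    return targets


def narrow_logs(logs, targets):
    """Keep only log records from machines and windows selected for analysis."""
    return [rec for rec in logs if (rec[0], rec[1]) in targets]


if __name__ == "__main__":
    selected = select_targets(METRICS, RULES)
    for rec in narrow_logs(LOGS, selected):
        print(rec)
```

Only the records returned by `narrow_logs` would be passed to the data analysis part, which is where the saving in analysis effort comes from.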