Title: Log analysis device and method
Abstract: A log analysis device that classifies, based on a log collected from a network device, a plurality of attack target communication devices receiving attacks from an attack source communication device. The device includes a correlation coefficient calculation unit that calculates, from the log, a correlation coefficient relating to the number of attacks during the time period in which the attacks were carried out (the period covering the detection time and the detection duration recorded by the network device) for each combination of the attack target communication devices, and an extraction unit that extracts, as a high-correlation communication device group, a combination of attack target communication devices whose correlation coefficient is equal to or greater than a prescribed threshold and whose attack source communication device is identical over that time period.
Publication number: US9407649(B2)    Publication date: 2016.08.02
Application number: US201414482120    Filing date: 2014.09.10
Applicant: FUJITSU LIMITED    Inventors: Honda Satomi; Fujishima Yuki; Takenaka Masahiko; Torii Satoru
Classification: H04L29/06    Main classification: H04L29/06
Agency: Fujitsu Patent Center    Agent: Fujitsu Patent Center
Main claim: 1. A log analysis device that classifies, based on a log collected from a network device, a plurality of attack target communication devices encountering attacks from an attack source communication device, the log analysis device comprising: a storage configured to store the log; and a processor configured to execute a process including calculating, based on the log stored in the storage, a correlation coefficient relating to the number of the encountered attacks in a time period during which the encountered attacks were carried out for a combination of the plurality of attack target communication devices, the time period including a detection time at which and a detection period of time during which the network device detected each of the encountered attacks, and extracting, as a high-correlation communication device group, a combination of the plurality of attack target communication devices, for which the correlation coefficient is equal to or greater than a prescribed threshold and of which the attack source communication device is identical in the time period, wherein the extracting of the high-correlation communication device group includes extracting a clique from a graph that includes a vertex corresponding to information relating to the number of the encountered attacks in the time period during which the encountered attacks were carried out, which includes the detection time and the detection period of time of each of the encountered attacks encountered by the plurality of attack target communication devices, and an edge given between vertices corresponding to two of the plurality of attack target communication devices having a correlation coefficient equal to or greater than the prescribed threshold.
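The claim describes a three-stage pipeline: bin each target's attack count over the detection window, correlate the count vectors of targets attacked by the same source, and take cliques of the graph whose edges are correlations at or above a threshold. The following is an added worked example of that pipeline, written for this page and not the patent's own code. It assumes Pearson's coefficient as the correlation measure, fixed one-minute bins, a threshold of 0.8, and Bron-Kerbosch for clique extraction; none of these specifics appear in the claim. The attack events are constructed from hand-picked per-minute counts so that the expected grouping is known in advance.

```python
"""Added example: group attack targets whose per-interval attack counts from a
single attack source are highly correlated, then take maximal cliques of the
resulting graph (the extraction step of claim 1). Not the patent's own code."""
from collections import defaultdict
from itertools import combinations
from math import sqrt

# Constructed sample data: attack events as (minute_offset, source, target),
# generated from hand-picked per-minute counts so the expected answer is known.
_SAMPLE_COUNTS = {
    ("203.0.113.5", "10.0.0.1"): [3, 0, 4, 0, 5, 0],   # three targets hit in lockstep
    ("203.0.113.5", "10.0.0.2"): [2, 0, 3, 0, 4, 0],
    ("203.0.113.5", "10.0.0.3"): [4, 0, 4, 1, 5, 0],
    ("203.0.113.5", "10.0.0.4"): [0, 3, 0, 3, 0, 3],   # same source, opposite rhythm
    ("198.51.100.9", "10.0.0.5"): [3, 0, 4, 0, 5, 0],  # same rhythm, different source
}
SAMPLE_EVENTS = [
    (minute, src, dst)
    for (src, dst), counts in _SAMPLE_COUNTS.items()
    for minute, n in enumerate(counts)
    for _ in range(n)
]


def count_vectors(events, num_bins):
    """Per (source, target): number of attacks in each time bin of the window."""
    vectors = defaultdict(lambda: [0] * num_bins)
    for minute, src, dst in events:
        if 0 <= minute < num_bins:          # events outside the window are ignored
            vectors[(src, dst)][minute] += 1
    return dict(vectors)


def pearson(x, y):
    """Pearson correlation coefficient (assumed measure); 0.0 when a series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)


def build_graph(vectors, threshold):
    """Vertices are (source, target) count vectors; an edge joins two targets
    attacked by the same source whose correlation is >= threshold."""
    graph = {key: set() for key in vectors}
    for a, b in combinations(vectors, 2):
        if a[0] != b[0]:                    # claim 1: attack source must be identical
            continue
        if pearson(vectors[a], vectors[b]) >= threshold:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def maximal_cliques(graph):
    """Bron-Kerbosch without pivoting: all maximal cliques of an undirected graph."""
    cliques = []

    def expand(r, p, x):
        if not p and not x:
            cliques.append(frozenset(r))
            return
        for v in list(p):
            expand(r | {v}, p & graph[v], x & graph[v])
            p = p - {v}
            x = x | {v}

    expand(set(), set(graph), set())
    return cliques


def high_correlation_groups(events, num_bins, threshold=0.8):
    """Return [(source, sorted targets)] for every clique of size >= 2."""
    graph = build_graph(count_vectors(events, num_bins), threshold)
    groups = []
    for clique in maximal_cliques(graph):
        if len(clique) >= 2:
            src = next(iter(clique))[0]     # all vertices in a clique share the source
            groups.append((src, tuple(sorted(dst for _, dst in clique))))
    return sorted(groups)


if __name__ == "__main__":
    for src, targets in high_correlation_groups(SAMPLE_EVENTS, num_bins=6):
        print(f"attack source {src} -> correlated targets {targets}")
```

Running the block reports one group, 10.0.0.1, 10.0.0.2 and 10.0.0.3 attacked by 203.0.113.5. 10.0.0.4 is excluded because its count vector is anti-correlated with the others, and 10.0.0.5 is excluded despite an identical rhythm because its attack source differs, which is the second condition the claim imposes. Keying vertices by (source, target) rather than by target alone is what enforces that condition inside the clique search; a practitioner tuning this on real IDS data should also expect the bin width to dominate the result, since bins that are too coarse make unrelated targets look correlated.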
Address: Kawasaki JP