Abstract
In order to generate an appropriate classification rule, this information processing device includes: a cluster analysis means that determines, on the basis of the communication information included in an alert, a cluster identifier indicating the cluster into which the alert is classified, receives a classification result indicating whether the alert is a true positive or a false positive, and generates alert information comprising the alert, the cluster identifier and the classification result; a rule generation means that counts the occurrences, in the alert information, of each pattern that combines at least the cluster identifier with other information included in the alert information, extracts the frequent patterns whose number of occurrences exceeds a prescribed threshold, generates from the extracted frequent patterns a classification rule used to set or update the classification result associated with an alert, and replaces an old classification rule generated in the past with the newly generated classification rule; and a rule application means that sets or updates the classification result included in the alert information on the basis of the classification rule.
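The pipeline the abstract describes (cluster the alerts, attach analyst verdicts, mine frequent patterns anchored on the cluster identifier, turn them into rules, replace stale rules, apply the rules to unreviewed alerts) is easier to reason about in code. The following is an added example written for this page; it is not the patent's implementation and nothing in it comes from the applicant. The clustering key (destination endpoint), the choice of alert fields used in patterns, the tie-breaking between conflicting patterns, the `overwrite` switch and the sample alerts are all assumptions introduced here; the abstract only says that clustering uses "communication information" and that a pattern contains at least the cluster identifier plus other alert information.

```python
"""Added illustration of the cluster -> label -> frequent-pattern -> rule
triage loop described in the abstract. Not the patent's code; the
clustering key, pattern fields, tie-break policy and sample alerts are
assumptions made for this example."""
from collections import Counter
from itertools import combinations

# Constructed sample alerts (not real IDS output). 'label' is the analyst's
# verdict where the alert has been reviewed; None means not yet reviewed.
ALERTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443, "sig": "SSL bad cert", "label": "FP"},
    {"id": 2, "src": "10.0.0.7", "dst": "192.0.2.10", "dport": 443, "sig": "SSL bad cert", "label": "FP"},
    {"id": 3, "src": "10.0.0.9", "dst": "192.0.2.10", "dport": 443, "sig": "SSL bad cert", "label": "FP"},
    {"id": 4, "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443, "sig": "SSL bad cert", "label": None},
    {"id": 5, "src": "198.51.100.4", "dst": "192.0.2.20", "dport": 22, "sig": "SSH brute force", "label": "TP"},
    {"id": 6, "src": "198.51.100.4", "dst": "192.0.2.20", "dport": 22, "sig": "SSH brute force", "label": "TP"},
    {"id": 7, "src": "198.51.100.8", "dst": "192.0.2.20", "dport": 22, "sig": "SSH brute force", "label": "TP"},
    {"id": 8, "src": "203.0.113.50", "dst": "192.0.2.20", "dport": 22, "sig": "SSH scan", "label": "FP"},
    {"id": 9, "src": "203.0.113.50", "dst": "192.0.2.20", "dport": 22, "sig": "SSH scan", "label": "FP"},
    {"id": 10, "src": "203.0.113.50", "dst": "192.0.2.20", "dport": 22, "sig": "SSH scan", "label": "FP"},
    {"id": 11, "src": "198.51.100.9", "dst": "192.0.2.20", "dport": 22, "sig": "SSH brute force", "label": None},
    {"id": 12, "src": "203.0.113.50", "dst": "192.0.2.20", "dport": 22, "sig": "SSH scan", "label": None},
    {"id": 13, "src": "198.51.100.9", "dst": "192.0.2.20", "dport": 22, "sig": "SSH weak cipher", "label": None},
]

# Alert fields that may be combined with the cluster identifier in a pattern (assumption).
PATTERN_FIELDS = ("src", "dst", "dport", "sig")


def cluster_id(alert):
    """Cluster analysis means, stand-in: group alerts by destination endpoint.
    The abstract only says clustering is based on communication information."""
    return f"c:{alert['dst']}:{alert['dport']}"


def build_alert_info(alerts):
    """Alert information = the alert + its cluster identifier + its classification result."""
    return [dict(a, cluster=cluster_id(a), result=a["label"]) for a in alerts]


def mine_rules(alert_info, threshold, max_items=2):
    """Rule generation means: count patterns (cluster, item..., result) over
    labelled alert information and turn every pattern seen more than
    `threshold` times into a rule condition -> result. A condition supported
    by both labels keeps the more frequent one; an exact tie yields no rule."""
    counts = Counter()
    for info in alert_info:
        if info["result"] is None:  # unreviewed alerts carry no evidence
            continue
        items = [(f, info[f]) for f in PATTERN_FIELDS]
        for k in range(1, max_items + 1):  # at least one item besides the cluster id
            for combo in combinations(items, k):
                counts[((info["cluster"],) + combo, info["result"])] += 1
    rules = {}
    for (cond, result), n in counts.items():
        rival = counts[(cond, "TP" if result == "FP" else "FP")]
        if n > threshold and n > rival:
            rules[cond] = result
    return rules


def update_rules(old_rules, new_rules):
    """Replace rules generated in the past with newly generated ones for the
    same condition; conditions the new run did not cover are kept."""
    merged = dict(old_rules)
    merged.update(new_rules)
    return merged


def matches(info, cond):
    return info["cluster"] == cond[0] and all(info[f] == v for f, v in cond[1:])


def apply_rules(alert_info, rules, overwrite=False):
    """Rule application means: set the classification result from the most
    specific matching rule. The abstract allows updating existing results;
    overwrite=False (assumption) keeps analyst verdicts unless asked otherwise."""
    for info in alert_info:
        if info["result"] is not None and not overwrite:
            continue
        hits = [(cond, res) for cond, res in rules.items() if matches(info, cond)]
        if hits:
            info["result"] = max(hits, key=lambda h: len(h[0]))[1]
    return alert_info


if __name__ == "__main__":
    info = build_alert_info(ALERTS)
    # A stale rule "generated in the past" that the new mining run overrides.
    old_rules = {("c:192.0.2.10:443", ("sig", "SSL bad cert")): "TP"}
    rules = update_rules(old_rules, mine_rules(info, threshold=2))
    for a in apply_rules(info, rules):
        print(a["id"], a["cluster"], a["sig"], a["result"])
```

Running it labels alert 4 as FP and alert 11 as TP from the signature-based patterns, alert 12 as FP, and leaves alert 13 unclassified: the only rules that could cover its unseen signature are the pure destination-endpoint patterns, and those are supported equally by TP and FP evidence in that cluster, so no rule was generated for them. That is the caveat a practitioner should carry into any such system: a pattern that contains nothing but the cluster identifier and communication fields generalises across signatures, and a threshold alone does not stop it from doing so.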