摘要 |
An attack detection device (1), provided with a packet collection unit (11) for collecting a packet transmitted from a user terminal (5) to a service providing server (4), a header information acquisition unit (12) for acquiring header information from the packet, and an attack detection unit (14) for determining, using the header information, whether each session is an attack session or not; the attack detection unit (14) comparing, for each session, the window size of a collected discretionary packet and the window size of another packet; and, when the comparison result satisfies a prescribed first criterion, detecting the session as an attack session. |