Abstract
An attack detection device (6) collects packets whose transmission source or transmission destination is a device to be protected (5). It provides an entry for each collected packet and generates packet information by recording, in each entry, the attribute data of the packet together with the time of generation of the packet. The attack detection device (6) also stores definition information in which an extraction time duration and an extraction condition are defined for each type of attack. When a security device (4) detects a packet that falls under any of the types, the attack detection device (6) selects the extraction time duration and extraction condition of the type of the detected packet (the detection packet) as the selected extraction time duration and the selected extraction condition. It designates an extraction time zone corresponding to the selected extraction time duration from the time of generation of the detection packet, extracts from the packet information any entry whose time of generation is included in the extraction time zone and whose attribute data matches the selected extraction condition, and determines the presence or absence of an attack on the device to be protected (5) on the basis of the result of the extraction.
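The flow in the abstract, sketched as an added Python example (not code from the patent): packet information entries, per-type definition information, and extraction over the time zone selected by the detection packet. Assumptions not stated in the abstract: the extraction time zone looks back from the detection packet's time of generation, an attack is declared when the number of extracted entries reaches a per-type threshold, and the attack type names, addresses and sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Callable

PROTECTED = "10.0.0.5"  # constructed address of the device to be protected (5)

@dataclass(frozen=True)
class Entry:
    """One entry of the packet information: generation time plus attribute data."""
    time: float  # time of generation, in seconds
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Definition:
    """Definition information for one attack type."""
    duration: float                            # extraction time duration (s)
    condition: Callable[[Entry, Entry], bool]  # extraction condition(entry, detection packet)
    threshold: int                             # assumption: matches needed to decide "attack"

# Hypothetical attack types; each has its own duration and condition.
DEFINITIONS = {
    "port_scan": Definition(60.0, lambda e, d: e.src == d.src and e.dst == PROTECTED, 3),
    "c2_callback": Definition(300.0, lambda e, d: e.src == PROTECTED and e.dst == d.dst, 2),
}

def collect(packets):
    """Keep only packets whose source or destination is the protected device."""
    return [p for p in packets if PROTECTED in (p.src, p.dst)]

def extract(info, attack_type, detection):
    """Entries inside the extraction time zone that match the selected condition."""
    d = DEFINITIONS[attack_type]
    start, end = detection.time - d.duration, detection.time  # assumption: look back
    return [e for e in info if start <= e.time <= end and d.condition(e, detection)]

def is_attack(info, attack_type, detection):
    """Decide presence or absence of an attack from the extraction result."""
    return len(extract(info, attack_type, detection)) >= DEFINITIONS[attack_type].threshold

# Constructed sample traffic.
PACKETS = [
    Entry(20, "203.0.113.9", PROTECTED, 21),    # too old for the 60 s zone
    Entry(100, "203.0.113.9", PROTECTED, 22),
    Entry(120, "203.0.113.9", PROTECTED, 80),
    Entry(130, "198.51.100.7", PROTECTED, 443),
    Entry(140, "203.0.113.9", "10.0.0.8", 22),  # not the protected device: not collected
    Entry(150, "203.0.113.9", PROTECTED, 445),  # packet flagged by the security device (4)
]
INFO = collect(PACKETS)
```

Because the duration and condition are looked up per type, a slow-moving attack type can use a long zone without widening the zone for every other alert.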