Abstract

PROBLEM TO BE SOLVED: To detect the occurrence of a targeted attack when an attacker is allowed to intrude into an intra-organization network.

SOLUTION: An illegal intrusion detection device comprises: decoy generation means for generating a decoy in an apparatus accessible via a network; log collection means for collecting logs of access control on the decoy generated by the decoy generation means; a behavior pattern database that stores a behavior pattern indicating the event pattern of access control observed when an attacker intrudes into the network; and log analysis means for detecting intrusion of an attacker by matching the event pattern of access control on the decoy, included in the logs collected by the log collection means, against the behavior pattern stored in the behavior pattern database.

SELECTED DRAWING: Figure 2
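The log analysis step described above, sketched as an added example that is not taken from the patent: decoy access-control events are grouped per source and decoy, then matched against ordered event patterns within a time window. The log format, event names, pattern names and windows are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical behavior pattern database: name -> (ordered events, max time span)
BEHAVIOR_PATTERNS = {
    "share-recon-then-read": (["LIST", "READ_DENIED", "READ"], timedelta(minutes=10)),
    "decoy-account-guessing": (["LOGON_FAIL", "LOGON_FAIL", "LOGON_OK"], timedelta(minutes=5)),
}

# Constructed sample log (assumed format): timestamp, source, decoy, event
SAMPLE_LOG = """\
2024-01-01T09:00:00 10.0.0.5 decoy-share LIST
2024-01-01T09:00:30 10.0.0.9 decoy-share LIST
2024-01-01T09:01:00 10.0.0.5 decoy-share READ_DENIED
2024-01-01T09:02:00 10.0.0.5 decoy-share READ
2024-01-01T09:03:00 10.0.0.7 decoy-admin LOGON_FAIL
2024-01-01T09:20:00 10.0.0.7 decoy-admin LOGON_FAIL
2024-01-01T09:21:00 10.0.0.7 decoy-admin LOGON_OK
"""

def parse(log_text):
    """Return time-ordered (time, source, decoy, event) tuples; skip malformed lines."""
    rows = [line.split() for line in log_text.splitlines()]
    return sorted((datetime.fromisoformat(r[0]), r[1], r[2], r[3]) for r in rows if len(r) == 4)

def matches(seq, pattern, window):
    """True if pattern occurs in seq as an ordered subsequence spanning at most window."""
    for i, (start, event) in enumerate(seq):
        if event != pattern[0]:
            continue
        idx = 1  # next pattern element to find
        for ts, ev in seq[i + 1:]:
            if ts - start > window:
                break  # too slow to count as one behavior
            if idx < len(pattern) and ev == pattern[idx]:
                idx += 1
        if idx == len(pattern):
            return True
    return False

def detect(log_text, patterns=BEHAVIOR_PATTERNS):
    """Return sorted (source, decoy, pattern name) for every matched behavior pattern."""
    per_key = defaultdict(list)
    for ts, src, decoy, ev in parse(log_text):
        per_key[(src, decoy)].append((ts, ev))
    return sorted((src, decoy, name)
                  for (src, decoy), seq in per_key.items()
                  for name, (pattern, window) in patterns.items()
                  if matches(seq, pattern, window))

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

In the sample, 10.0.0.7 is not flagged because its events are spread over 18 minutes, which exceeds the assumed 5-minute window; the window is a tuning trade-off between missing slow activity and false matches.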