| 摘要 |
When an attack on an information system is possibly carried out, a progress status of the attack is visualized to display a warning to a user, without using a correlation rule. A table storage unit 1001 stores a past case table indicating a phase string obtained by concatenating phase values indicating attack progress degrees according to an event occurrence pattern in a past case. A phase string generation unit 1002 obtains a phase string by concatenating phase values according to the occurrence pattern of events that have occurred in the information system. A similarity degree calculation unit 1003 calculates a similarity degree between the phase string obtained by the phase string generation unit 1002 and the phase string indicated in the past case table. An attack status visualization unit 1004 visualizes the progress status of the attack on the information system, based on the phase string obtained by the phase string generation unit 1002 and a result of calculation of the similarity degree by the similarity degree calculation unit 1003. |
