Title of Invention |
NETWORK MONITORING APPARATUS, NETWORK MONITORING METHOD, AND NETWORK MONITORING PROGRAM |
Abstract |
A network monitoring apparatus includes a log collecting unit and a log analyzing unit. The log collecting unit collects log information related to passing packets from at least one of a FW and a proxy server, which are included in a network, for packets transferred in the network. The log analyzing unit extracts log information satisfying a predetermined condition in a predetermined time period by analyzing, over time, the log information collected by the log collecting unit. |
Publication Number |
US2016014146(A1) |
Publication Date |
2016.01.14 |
Application Number |
US201414769666 |
Application Date |
2014.02.21 |
Applicant |
NIPPON TELEGRAPH AND TELEPHONE CORPORATION |
Inventor |
NAKATA Kensuke |
Classification Number |
H04L29/06;H04L29/08 |
Main Classification Number |
H04L29/06 |
Agency |
|
Agent |
|
Principal Claim |
1. A network monitoring apparatus, which is provided in a network that includes a FireWall provided on at least one of a connection point with an external network and an internal segment dividing point and a proxy server for Web access and that transfers IP packets, and which detects communication suspected to be unauthorized, the network monitoring apparatus comprising:
a log collecting unit that collects and stores log data from at least one of the FireWall and the proxy server; and
a log analyzing unit that makes inquiry for log data to the log collecting unit, analyzes, according to a set analysis condition, the log data, and outputs a result of the analysis, wherein
the log data stored by the log collecting unit are information including at least one of: 5-tuples; transmitted sizes; received sizes; information extracted from http headers; and time stamps, and
the information extracted from http headers includes at least one of: destination URLs; User-Agent; and request methods. |
Address |
Chiyoda-ku Tokyo JP |