| 摘要 |
PROBLEM TO BE SOLVED: To detect an operation upon equipment without installing any application in the equipment.SOLUTION: An operation pattern extraction part 12 calculates a feature amount for each protocol from a packet of target equipment during a preparation period before extracting an operation and generates a feature vector including the feature amount as an element. Further, the feature vector is clustered, and a center vector of the clusters is generated and made correspondent to a corresponding operation name in an operation name database 16. When detecting the operation, in an operation detection part 13, a feature vector is generated from the packet of the target equipment, similarity to the center vector is calculated and if a maximum value of the similarity is equal to or greater than a threshold value, the operation name corresponding to the center vector is read out. |
