发明名称 |
ATTACK DETECTION DEVICE, ATTACK DETECTION METHOD, AND ATTACK DETECTION PROGRAM |
摘要 |
In a process in which an information system is attacked, event-stage information in which an event observed in the information system, a pre-event stage, and a post-event stage are written is stored for a plurality of events. Observed event notification information for notifying about an observed event observed by the information system is received. A search is made for the event-stage information in which the observed event notified by the observed event notification information is written, and a search is made for the event-stage information in which the post-event stage that matches the pre-event stage in the searched event-stage information or a pre-event stage that matches the post-event stage in the searched event-stage information is written; when the event in the searched event-stage information is an unobservable event, it is assumed that an unobservable event was observed, and the observed event and the unobservable event are connected by a dependency relationship to generate an event sequence. |
申请公布号 |
WO2015128896(A1) |
申请公布日期 |
2015.09.03 |
申请号 |
WO2014JP01000 |
申请日期 |
2014.02.26 |
申请人 |
MITSUBISHI ELECTRIC CORPORATION |
发明人 |
IJIRO, HIDEAKI;KAWAUCHI, KIYOTO |
分类号 |
G06F21/55 |
主分类号 |
G06F21/55 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|