Title of invention: Apparatus and method for detecting an attack in a computer network
Abstract: Upon acquiring first data transmitted from an outside of a predetermined range in a network, an apparatus stores, in a memory, first information including transmission source and destination addresses of the first data. Upon acquiring second data addressed to an inside of the predetermined range and indicating predetermined communication data of service initiation, the apparatus extracts the first information including as the transmission source address a source address of the second data, and stores, in the memory, second information indicating a service initiation and including a destination address of the second data, in association with the first information. When the second information including as the transmission destination address a source address of the second data is stored in the memory and a destination address of the second data coincides with the transmission source address in the first information associated with the second information, the apparatus notifies detection of an attack.
Publication number: US9055096(B2); Publication date: 2015.06.09
Application number: US201414291168; Filing date: 2014.05.30
Applicant: FUJITSU LIMITED; Inventors: Yamada Masahiro; Morinaga Masanobu; Fujishima Yuki
Classification: G06F11/00; H04L29/06; Main classification: G06F11/00
Agency: Staas & Halsey LLP; Agent: Staas & Halsey LLP
Main claim: 1. An apparatus comprising: a memory configured to store information on communication data; and a processor configured: to acquire the communication data; to store, when the acquired communication data meets a first condition including a condition that the acquired communication data is first communication data transmitted from an outside of a predetermined range in a network, in the memory, first information regarding an external communication and including transmission source and destination addresses of the first communication data, to extract, when the acquired communication data meets a second condition including a condition that the acquired communication data is second communication data that is addressed to an inside of the predetermined range and indicates predetermined communication data of service initiation, from the memory, the first information including as the transmission source address a source address of the acquired communication data, and store, in the memory in association with the first information, second information indicating a service initiation and including a destination address of the second communication data, and to determine, when the acquired communication data is addressed to an outside of the predetermined range, whether the acquired communication data meets a third condition including a condition that the second information including as the transmission destination address a source address of the second communication data is stored in the memory and a destination address of the second communication data is coincident with the transmission source address included in the first information associated with the second information, and notify detection of an attack when it is determined that the acquired communication data meets the third condition.
Address: Kawasaki JP