Abstract |
PROBLEM TO BE SOLVED: To provide a log analyzing device that, in order to take measures against a brute force attack in which the attack source changes intermittently and which is directed at a plurality of attack destinations, analyzes a short-period log of a security device to identify the communication devices suffering such an attack and to group them. SOLUTION: A log analyzing device classifies a plurality of attacked communication devices suffering an attack from attacking communication devices on the basis of a log collected from a network device. The log analyzing device includes a correlation coefficient calculation unit that calculates, on the basis of the log and for a combination of a plurality of attacked communication devices, a correlation coefficient between the detection time of the attack detected by the network device and the number of attacks in a period, including the detection time, during which the attacks were carried out; and an extraction unit that extracts, as a high correlation communication device group, a combination of a plurality of attacked communication devices whose correlation coefficient is equal to or greater than a prescribed threshold value and whose attacking communication device is the same in the period. |
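The following is an added example, not code from the patent, showing one way the correlation and extraction steps could be applied to a detection log. It assumes that the correlation is a Pearson coefficient over per-window attack counts of each pair of attacked hosts, that windows are 60 seconds wide, and that "same attacking device" means the two hosts share an attacker in every window where both were hit. The function names, log tuple layout and sample data are all constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations
from math import sqrt

# Constructed sample log: (detection time in seconds, attacker, attacked host).
# The attacker changes between windows (a1 -> a2 -> a3); h1 and h2 are hit together.
LOG = (
    [(t, "a1", h) for t in (1, 2, 3, 4) for h in ("h1", "h2")]
    + [(t, "a2", h) for t in (61, 62) for h in ("h1", "h2")]
    + [(t, "a3", h) for t in range(121, 127) for h in ("h1", "h2")]
    + [(t, "b9", "h3") for t in (5, 65, 66, 67, 68, 69, 125)]
)

def pearson(x, y):
    """Pearson correlation of two equal-length count series."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:  # constant series: coefficient undefined, treat as 0
        return 0.0
    return cov / sqrt(vx * vy)

def high_correlation_pairs(log, width=60, threshold=0.8):
    """Return (host, host, r) for pairs that pass both extraction conditions."""
    counts = defaultdict(lambda: defaultdict(int))   # host -> window -> attacks
    sources = defaultdict(lambda: defaultdict(set))  # host -> window -> attackers
    for ts, src, dst in log:
        w = int(ts // width)
        counts[dst][w] += 1
        sources[dst][w].add(src)
    windows = sorted({w for per_host in counts.values() for w in per_host})
    pairs = []
    for h1, h2 in combinations(sorted(counts), 2):
        x = [counts[h1].get(w, 0) for w in windows]
        y = [counts[h2].get(w, 0) for w in windows]
        both = [w for w in windows if counts[h1].get(w) and counts[h2].get(w)]
        # Assumed reading of "attacking device is the same in the period".
        same_src = bool(both) and all(sources[h1][w] & sources[h2][w] for w in both)
        r = pearson(x, y)
        if same_src and r >= threshold:
            pairs.append((h1, h2, round(r, 3)))
    return pairs

if __name__ == "__main__":
    print(high_correlation_pairs(LOG))
```

Hosts `h1` and `h2` are grouped even though the attacker address rotates every window, while `h3` is excluded both by its negative correlation and by its different attacker.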