摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a technique capable of extracting a region having a high possibility that pieces of attack information collected by different honeypots are mixed. <P>SOLUTION: Attack information is received, and a combination of the attack information and the type of a decoy system that has collected the attack information is stored in an attack information management table. An attack information analyzer is inquired about a cluster to which the attack information belongs so as to perform clustering of the attack information, and a cluster identifier representing the cluster to which the attack information belongs is stored in the attack information management table. In a case where, in a cluster management table storing a combination of cluster identifiers and cluster attributes representing whether or not pieces of attack information belonging to the clusters have been obtained from plural types of decoy systems, the clustering has resulted in a change in correspondences between the cluster identifiers and the cluster attributes, the cluster management table is altered. <P>COPYRIGHT: (C)2013,JPO&INPIT</p> |