Abstract |
<p>PROBLEM TO BE SOLVED: To provide a configuration capable of effectively blocking communication even to a destination set by unknown malware. SOLUTION: A relay-apparatus-log analysis apparatus 132 periodically receives log data from a relay apparatus 112. When an abnormality detection apparatus 131 detects a traffic abnormality in an intranet 103, it reports the IP address of the terminal device that caused the abnormality to the relay-apparatus-log analysis apparatus 132. The relay-apparatus-log analysis apparatus 132 analyzes traffic information generated by a router apparatus 121 or other apparatuses to determine the time at which the traffic abnormality occurred. Using that time and the IP address of the terminal device that caused the abnormality, it analyzes the log data from the relay apparatus 112 to determine an address accessed by that terminal device, identifies the determined address as the communication destination of the malware, and configures the relay apparatus 112 to block packets whose destination is that address.</p> |
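The correlation step described in the abstract, as an added example that is not taken from the patent: relay log entries are filtered by the flagged terminal's IP address and by closeness to the time of the abnormality. The log format, the time window, the allowlist, the rule syntax and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample relay log (assumed format: ISO timestamp, client IP, destination).
SAMPLE_LOG = """\
2024-05-01T09:30:00 10.0.0.23 update.vendor.example
2024-05-01T10:12:10 10.0.0.23 203.0.113.50
2024-05-01T10:13:00 10.0.0.42 198.51.100.7
2024-05-01T10:14:30 10.0.0.23 portal.corp.example
not-a-time 10.0.0.23 broken.example
2024-05-01T10:16:45 10.0.0.23 unknown-host.example
2024-05-01T10:31:00 10.0.0.23 news.example
"""

def parse_relay_log(text):
    """Yield (timestamp, client_ip, destination); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp

def candidate_destinations(log_text, terminal_ip, anomaly_time,
                           window=timedelta(minutes=5), allowlist=frozenset()):
    """Destinations the flagged terminal accessed within +/- window of the anomaly.

    The window size and the allowlist are assumptions of this example; without an
    allowlist every site the terminal touched in the window would be blocked.
    """
    hits = set()
    for ts, client, dest in parse_relay_log(log_text):
        if client == terminal_ip and abs(ts - anomaly_time) <= window and dest not in allowlist:
            hits.add(dest)
    return sorted(hits)

def block_rules(destinations):
    """Render a generic denylist; the rule syntax is hypothetical."""
    return [f"deny dst {d}" for d in destinations]

if __name__ == "__main__":
    found = candidate_destinations(SAMPLE_LOG, "10.0.0.23", datetime(2024, 5, 1, 10, 15),
                                   allowlist={"portal.corp.example"})
    print("\n".join(block_rules(found)))
```

Narrowing the window or extending the allowlist reduces the chance of blocking a legitimate site that the terminal happened to visit near the time of the abnormality.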