| 摘要 |
PROBLEM TO BE SOLVED: To provide an abnormality detection method that dynamically creates monitoring rules during operation without defining information on communication to be monitored (monitoring rules) in advance, and further, that does not take too much time to perform collection processing and abnormality determination processing even if the amount of information to be monitored is huge.SOLUTION: A network abnormality detection system detects abnormality in communication in a communication system in which a plurality of communication devices communicate via a communication network. The network abnormality detection system creates the duplicate of packets transmitted through prescribed measurement places in the communication network, calculates communication statistic information at each measurement place from the duplicate packets, analyzes the communication statistic information at one or more places, and detects the occurrence of communication abnormality. |
