Abstract
PROBLEM TO BE SOLVED: To provide a security monitoring system and a security monitoring method that enable a quick response when unauthorized access, an unauthorized program, or the like is detected, and that do not prevent normal operation of a control system because of erroneous detection.

SOLUTION: A security monitoring system 100 obtains communication packets in a segment 3 forming a control system 1 and, from the obtained packets, extracts each communication packet whose feature value differs from a normal value to generate communication event information 150. The security monitoring system 100 then checks the communication event information 150 against an event pattern indicating a feature of unauthorized access and the like, and thereby predicts the degree of influence on the control system 1 of the communication packet extracted as the communication event information 150.
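The two stages described in the abstract, deviation from normal values followed by event-pattern matching, can be sketched as follows. This is an added example, not code from the patent. The feature set (source, destination, port, length), the event kinds `NEW_FLOW` and `OVERSIZE`, the pattern table, and the influence levels 0 to 3 are all assumptions made for illustration.

```python
from collections import namedtuple
# Constructed example: features, event kinds, patterns, levels and traffic are assumptions.
Packet = namedtuple("Packet", "ts src dst port length")

def learn_normal(packets):
    """Normal profile: each (src, dst, port) flow seen, with its largest length."""
    profile = {}
    for p in packets:
        key = (p.src, p.dst, p.port)
        profile[key] = max(profile.get(key, 0), p.length)
    return profile

def extract_events(packets, profile):
    """Keep only packets whose feature values differ from the normal profile."""
    events = []
    for p in packets:
        key = (p.src, p.dst, p.port)
        if key not in profile:
            kind = "NEW_FLOW"
        elif p.length > profile[key]:
            kind = "OVERSIZE"
        else:
            continue  # matches normal values: no event generated
        events.append({"ts": p.ts, "src": p.src, "dst": p.dst, "kind": kind})
    return events

# Hypothetical event patterns: ordered event kinds from one source -> influence level.
PATTERNS = [(("NEW_FLOW", "NEW_FLOW", "OVERSIZE"), 3),  # probing, then abnormal payload
            (("NEW_FLOW", "NEW_FLOW"), 2),
            (("NEW_FLOW",), 1),
            (("OVERSIZE",), 1)]  # isolated anomaly: report, do not interrupt operation

def is_subsequence(pattern, kinds):
    it = iter(kinds)
    return all(k in it for k in pattern)  # each match consumes the iterator

def predict_influence(events):
    """Highest level among patterns matched by each source's time-ordered events."""
    by_src = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src.setdefault(e["src"], []).append(e["kind"])
    return {src: max((lvl for pat, lvl in PATTERNS if is_subsequence(pat, kinds)), default=0)
            for src, kinds in by_src.items()}

BASELINE = [Packet(0, "10.0.0.5", "10.0.0.10", 502, 64), Packet(1, "10.0.0.6", "10.0.0.10", 502, 64)]
OBSERVED = [Packet(10, "10.0.0.5", "10.0.0.10", 502, 60), Packet(11, "10.0.0.5", "10.0.0.11", 502, 12),
            Packet(12, "10.0.0.5", "10.0.0.12", 502, 12), Packet(13, "10.0.0.6", "10.0.0.10", 502, 90),
            Packet(14, "10.0.0.5", "10.0.0.10", 502, 300)]
if __name__ == "__main__":
    print(predict_influence(extract_events(OBSERVED, learn_normal(BASELINE))))
```

Grading a single deviating packet at the lowest level, rather than treating every anomaly as an attack, is how this sketch reflects the stated goal of not disturbing normal operation on an erroneous detection.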