Abstract
PROBLEM TO BE SOLVED: To apply security protection to a control system in critical infrastructure and the like.

SOLUTION: An abnormality detecting device 150 of the invention comprises: an identification part 152 that receives event information arising within a control network 130, refers to a configuration management database 170 that maintains dependency relationships between resources (110, 120, etc.) including a control system 102 and between processes, and identifies the group to which the resource pertaining to the event information belongs; a policy storage part 160 that stores one or more policies, each associating conditions specifying a situation in which an abnormality is suspected with one or more actions; an addition part 156 that acquires the group-related information required to apply the policies and adds the acquired information to the event information; and a determination part 158 that applies the event information to the policies and determines the action associated with the matching conditions as the action to be executed. The abnormality detecting device 150 thereby detects abnormality in the control network 130.

COPYRIGHT: (C)2012, JPO&INPIT