摘要 |
<P>PROBLEM TO BE SOLVED: To efficiently extract an authorized packet. <P>SOLUTION: A packet capture unit 100 obtains a packet communicated in a lower network, and classifies the captured packet into one of multiple types based on relation with the communication direction with a firewall. A packet inspection unit 102 inspects and determines whether there exists in a packet information memory 106 a response packet corresponding to a packet heading for an upper network from the lower network classified by the packet capture unit 100. The packet inspection unit 102 stores determination results of whether the response packet exists or not together with the packet in the packet information memory 106. When determination information for the packet stored in the packet information memory 106 is non-correspondence, a memory management unit 104 determines "unexpected communication" and outputs it to a log memory 108. <P>COPYRIGHT: (C)2012,JPO&INPIT |