| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide an abnormal traffic detection method, capable of monitoring with a small memory capacity, by monitoring data in the upper N field value important as a monitoring object and counter value data, thereby detecting abnormality in a time series thereof. <P>SOLUTION: The method includes a step for acquiring traffic data; a step for specifying at least one field to be monitored and a counter type to the above field; from the acquired traffic data, a step for calculating, at predetermined time intervals, the upper N (N≥2) field values to the specified counter in the specified field and the counter value thereof; a step for storing the calculated upper N field value and the counter values thereof, and for calculating the degree of resemblance between the newly calculated data and the past data; and if the calculated degree of resemblance is lower than a predetermined threshold, a fifth step for issuing an alarm as abnormality, and extracting a field value estimated to be a cause of the degraded degree of resemblance. <P>COPYRIGHT: (C)2008,JPO&INPIT</p> |
