Abstract |
PROBLEM TO BE SOLVED: To provide a technology for implementing countermeasures for each node group by grouping attack nodes that have similar features and handling them as a node group.
SOLUTION: An attack node group determining apparatus 12 acquires an event log basic parameter extracted from an acquired event log, together with attribute information relating to the event log basic parameter (S105-S109). Clustering is then performed in a space whose dimensions are some or all of the acquired attribute information and event log basic parameters; a cluster is calculated, and the cluster information and its coping method are transmitted to an FW (router) 11 (S110-S113). When an attack packet is newly detected from an attack node group 60, the FW (router) 11 identifies the cluster that includes the packet and applies the corresponding coping method to the entire identified cluster (S115).
COPYRIGHT: (C)2010,JPO&INPIT
|
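The flow in the abstract (S105-S115), as an added Python example that is not taken from the patent. The field names, the use of a source ASN as the attribute information, the distance function, leader clustering, the threshold and the coping-method names are all assumptions; the abstract does not specify them.

```python
# Constructed sample data; field names, ASN attribute and thresholds are assumptions.
EVENTS = [  # event log basic parameters: source address, destination port, packet length
    {"src": "198.51.100.10", "dport": 445, "length": 60},
    {"src": "198.51.100.11", "dport": 445, "length": 62},
    {"src": "198.51.100.12", "dport": 445, "length": 60},
    {"src": "203.0.113.5", "dport": 22, "length": 120},
    {"src": "203.0.113.6", "dport": 22, "length": 124},
]
ASN_OF = {  # attribute information looked up for each source address (constructed)
    "198.51.100.10": 64500, "198.51.100.11": 64500, "198.51.100.12": 64500,
    "203.0.113.5": 64501, "203.0.113.6": 64501, "198.51.100.99": 64500,
}

def to_point(event):
    """Map an event plus its attribute to a point in the clustering space."""
    return (event["dport"], ASN_OF.get(event["src"]), event["length"])

def distance(p, q):
    """Categorical mismatch on port and ASN, scaled difference on length."""
    return (p[0] != q[0]) + (p[1] != q[1]) + abs(p[2] - q[2]) / 100.0

def cluster(events, threshold=0.5):
    """Leader clustering: join the first cluster whose leader is within threshold."""
    clusters = []
    for ev in events:
        pt = to_point(ev)
        for c in clusters:
            if distance(pt, c["leader"]) <= threshold:
                c["members"].add(ev["src"])
                break
        else:
            clusters.append({"leader": pt, "members": {ev["src"]}})
    for c in clusters:  # assumed policy: larger groups are dropped, smaller ones rate-limited
        c["coping"] = "drop" if len(c["members"]) >= 3 else "rate-limit"
    return clusters

def handle_packet(packet, clusters, threshold=0.5):
    """Firewall side: find the packet's cluster, apply its coping method to every member."""
    pt = to_point(packet)
    for c in clusters:
        if distance(pt, c["leader"]) <= threshold:
            c["members"].add(packet["src"])
            return {src: c["coping"] for src in sorted(c["members"])}
    return {}  # no matching cluster: no group-wide action

if __name__ == "__main__":
    groups = cluster(EVENTS)
    print(handle_packet({"src": "198.51.100.99", "dport": 445, "length": 61}, groups))
```

A packet from a source not seen before still triggers the group-wide action, because the match is made on the cluster's feature space rather than on a list of known addresses.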