| 发明名称 |
INFORMATION PROCESSOR, INFORMATION PROCESSING SYSTEM, PROGRAM, AND RECORDING MEDIUM |
| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To detect communication to be performed by a bot-infected device with a command server. <P>SOLUTION: An already known information storage part 100 stores a port number to be used for transmitting an attack packet. A communication history storage part 102 stores a communication history including a communication process started when executing communication as the object of monitoring and a port number used by communication by the communication process. A time decision part 107a decides whether or not the creation time or update time of the execution file of the communication processor is included in a prescribed period based on an attack time. A port number decision part 107b decides whether or not the port numbers are matched. A communication history extraction part 107c extracts the communication history including the communication process in which the creation time or update time of the execution file is decided to be included in the prescribed period and the port number decided not to be matched with the port number stored in the already known information storage part 100 from among the communication histories. <P>COPYRIGHT: (C)2010,JPO&INPIT</p> |
| 申请公布号 |
JP2010009187(A) |
申请公布日期 |
2010.01.14 |
| 申请号 |
JP20080165749 |
申请日期 |
2008.06.25 |
| 申请人 |
KDDI R & D LABORATORIES INC |
发明人 |
TAKEMORI KEISUKE |
| 分类号 |
G06F21/20 |
主分类号 |
G06F21/20 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
