| 摘要 |
An original attacker which has set a computer as a springboard is detected by detecting a source of a virus or a DNS attack linked to an application, which attacks other computers. A source detection device for detecting a source of a virus or a DNS attack captures packets from a network under setting conditions, and extracts required information. The source detection device stores data such as information concerning behaviors and/or features of viruses and/or DNS attacks, and/or logs of respective servers, which are required for an application traceback. Linkage of a virus or a DNS attack is determined from an application traceback processing result stored in a database and from various data, and new conditions are set accordingly. Under the new conditions, source detection is carried out for a virus or a DNS attack. Data is updated and accumulated accordingly, and linkage and a relationship between a behavior of an attack and a virus or a DNS attack is determined, thereby to detect a source of the attack.
|
