摘要 |
<p><P>PROBLEM TO BE SOLVED: To solve the problem wherein, abnormal traffic such as a DDoS (distributed denial of service) attack, traffic concentration, device failure, or the like, is generally detected as variables of the traffic amount in network management but which cause traffic cannot be understood by mere detection, so that it is impossible to understand the current situation, cope with abnormal traffic and take countermeasures. <P>SOLUTION: Traffic that causes a traffic amount change is compared with traffic, before occurrence of the traffic amount change and traffic under the occurrence of the change, so that only the traffic that causes the change is extracted as a flow identifier. In this flow identifier determination, trade-off relation of three elements of a degree of contribution to the traffic amount change of traffic corresponding to the flow identifier, the degree of presence, prior to the change and the number of flow identifiers, is optimized according to an evaluation expression, thereby a flow identifier that maximizes the degree of contribution to the traffic amount change with the minimum number of flow identifiers and minimizing the degree of presence prior to the change is decided. <P>COPYRIGHT: (C)2009,JPO&INPIT</p> |