摘要 |
PROBLEM TO BE SOLVED: To provide a means for quickly detecting a detour attack in a computer system equipped with a plurality of intrusion detection devices. SOLUTION: In this attack detection method executed by an audit device 120 which detects a detour attack detouring intrusion detection devices (111 to 113) in a computer system equipped with a plurality of the intrusion detection devices (111 to 113) to be called according to the order of the execution of a process, the audit device 120 measures the number of times of use of the intrusion detection devices (111 to 113) in a prescribed processing unit executed by a computer system, and compares the measured number of times of use with the number of plans as the preset number of times of use of the intrusion detection devices (111 to 113) after the use of all the intrusion detection devices (111 to 113) in the prescribed processing unit, and when the measured number of times of use is not matched with the number of plans, a signal showing an abnormality is outputted. COPYRIGHT: (C)2009,JPO&INPIT |