| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To detect traffic abnormality caused by a worm, without depending on the use environment of a computer such as an OS, even when an unknown virus or the worm intrudes the computer. <P>SOLUTION: A network abnormality detection apparatus includes a first input/output section 110 for inputting/outputting data to/from an internal network, a second input/output section 120 for inputting/outputting data to/from an external network, and a data totalizing section 130 for totalizing data for detecting traffic abnormality from input data. Furthermore, the network abnormality detection apparatus includes an index data holding section 140 for holding data totalized during a fixed period of time in the past by the data totalizing section 130 as index data to be used as an index when calculating a traffic abnormality degree, and an abnormality degree calculating section 150 for calculating the traffic abnormality degree using evaluation data totalized at an abnormality degree calculation time by the data totalizing section 130 and the index data acquired from the index data holding section 140. <P>COPYRIGHT: (C)2008,JPO&INPIT</p> |
