Abstract
PROBLEM TO BE SOLVED: To provide an attack detection system and method that effectively defend against illegal access by detecting it even when a communication path encryption technique such as SSL is used for access from the Internet to the Intranet.

SOLUTION: A firewall device 1 and a decoy device 37 are provided. The firewall device 1 refers to the header information of a received IP packet and, when it judges the input IP packet to be suspicious, guides the packet into the decoy device 37. In the decoy device 37, an event management unit 3701 links each process status (event) to past events and transfers it to an attack detection unit 3702. The attack detection unit 3702 judges the presence or absence of an attack by collating the event with attack detection rules. When an attack is detected, an alert including the attack-source IP address is generated and sent to the firewall device 1. On receiving the alert, the firewall device 1 thereafter rejects IP packets from the attack-source host.

COPYRIGHT: (C)2008,JPO&INPIT
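The control loop described in the abstract, as an added Python sketch that is not taken from the patent: the firewall decides on header information only, the decoy links a process event back to the connection it descends from, and the resulting alert feeds the firewall's reject list. The trusted-source test for "suspicious", the event kinds, the rule format and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:
    pid: int          # process that produced the event
    parent: int       # its parent process
    kind: str         # constructed event kinds: net_accept, file_read, spawn
    detail: str
    src: str = ""     # only net_accept events carry a source IP

class Firewall:                       # stands in for firewall device 1
    def __init__(self, trusted):
        self.trusted, self.blocked = set(trusted), set()

    def route(self, src_ip):
        # Header-only decision: the payload may be SSL-encrypted.
        if src_ip in self.blocked:
            return "drop"
        # Assumption: "suspicious" means the source is not on a trusted list.
        return "internal" if src_ip in self.trusted else "decoy"

    def on_alert(self, alert):
        self.blocked.add(alert["attack_source"])

class Decoy:                          # stands in for decoy device 37
    def __init__(self, rules):
        self.rules = rules            # hypothetical (kind, substring) rules
        self.origin = {}              # pid -> source IP it descends from

    def observe(self, ev):
        # Event management: link the event to past events via process ancestry.
        if ev.kind == "net_accept":
            self.origin[ev.pid] = ev.src
        elif ev.parent in self.origin:
            self.origin.setdefault(ev.pid, self.origin[ev.parent])
        src = self.origin.get(ev.pid)
        # Attack detection: collate the linked event with the rules.
        for kind, needle in self.rules:
            if src and ev.kind == kind and needle in ev.detail:
                return {"attack_source": src, "rule": f"{kind}:{needle}"}
        return None

def demo():
    fw = Firewall(trusted={"192.0.2.10"})
    decoy = Decoy(rules=[("spawn", "/bin/sh")])
    src = "203.0.113.7"               # constructed documentation address
    first = fw.route(src)
    events = [Event(100, 1, "net_accept", "port 443", src),
              Event(100, 1, "file_read", "/var/www/index.html"),
              Event(101, 100, "spawn", "/bin/sh")]   # constructed trace
    alerts = [a for a in map(decoy.observe, events) if a]
    for a in alerts:
        fw.on_alert(a)
    return first, alerts, fw.route(src), fw.route("192.0.2.10")
```

The spawn event itself carries no IP address; the alert can name the attack source only because the event was linked to the earlier accept event of its parent process.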