| 摘要 |
PROBLEM TO BE SOLVED: To detect attacks made on known vulnerabilities, without errors neither omission. SOLUTION: An attack detector 10 processes input data halfway (till reaching a processing part having vulnerabilities) in the same manner as a program having vulnerabilities and compares data to be accepted by the processing part having vulnerabilities, with criteria of attack preliminarily prepared per vulnerability (for example, a data size and a specific code included in data) and detects input data as an attack when the data meets the criteria of attack. The attack detector 10 processes input data in the same manner as the program having vulnerabilities and monitors resource use conditions peculiar to the program (for example, the number of allowed communication sessions and the number of files capable of being opened) in response to start of processing in the processing part having vulnerabilities and detects input data as an attack when the resource use conditions exceed threshold preliminarily prepared per vulnerability. COPYRIGHT: (C)2007,JPO&INPIT |
