| 摘要 |
PROBLEM TO BE SOLVED: To prevent an event analysis of IDS and warning system capable of analyzing event data when unauthorized access generation or the like occurs in a network including the case in which there exists an attacker in the network, detecting the unauthorized access quickly after the communication event, issuing an appropriate alert, treating unauthorized accesses appropriately, and suppressing secondary damage. SOLUTION: In the system, a processing control unit 30 analyzes event data and acquires total numerical information totaling the number of communication event occurrences common in content in one or a plurality of data entry contents of the event data, and an unauthorized access detection part 40 checks whether or not event data content or total numerical value information coincides with specified detection conditions to determine whether or not the access is unauthorized access. Thus, abnormality occurring within the network can be identified and detected on the basis of total numerical value information, unauthorized access states can be detected regardless of whether the attacker is outside or inside, and it can be notified as an appropriate alert. COPYRIGHT: (C)2007,JPO&INPIT |
