Abstract
PROBLEM TO BE SOLVED: To provide a system that observes packet counts in network traffic and identifies, by quantitative analysis, the abnormal packet kind associated with a DoS attack.

SOLUTION: The abnormal packet kind specifying system comprises: a packet count part 101 for classifying packets into k kinds (k: natural number) and measuring the number of packets of each kind in every fixed time interval; a k-dimensional vector generation part 102 for generating, from the measured counts, a k-dimensional vector whose elements are the counts for the respective kinds; a storage part 103 for storing required information; a principal component axis derivation part 104 for deriving a principal component axis determined from the correlation among the dimensions of the k-dimensional feature space; a k-dimensional vector-principal component axis distance measurement part 105 for measuring the distance between the generated k-dimensional vector and the principal component axis; an abnormality judgement part 106 for judging the presence or absence of an abnormality on the basis of the measured distance; and a packet kind specifying part 107 for analyzing the difference elements between a k-dimensional vector judged to be abnormal and the principal component axis, and specifying the kind of the abnormal packet.

COPYRIGHT: (C)2007,JPO&INPIT
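The following sketch walks through the pipeline the abstract describes: derive the axis from baseline count vectors, measure each new vector's distance to it, and name the packet kind with the largest difference element. It is an added example, not code from the patent; the packet kinds, sample counts, threshold rule and the choice of the largest positive excess as the suspect kind are all assumptions made for illustration.

```python
import math

def principal_axis(vectors, iters=200):
    """Mean and unit first principal axis of the baseline, by power iteration."""
    n, k = len(vectors), len(vectors[0])
    mean = [sum(v[i] for v in vectors) / n for i in range(k)]
    cen = [[v[i] - mean[i] for i in range(k)] for v in vectors]
    cov = [[sum(c[i] * c[j] for c in cen) / n for j in range(k)] for i in range(k)]
    axis = [1.0] * k
    for _ in range(iters):
        axis = [sum(cov[i][j] * axis[j] for j in range(k)) for i in range(k)]
        norm = math.sqrt(sum(a * a for a in axis))
        axis = [a / norm for a in axis]
    return mean, axis

def residual(vec, mean, axis):
    """Part of vec orthogonal to the axis: the per-kind difference elements."""
    d = [x - m for x, m in zip(vec, mean)]
    t = sum(a * b for a, b in zip(d, axis))
    return [di - t * ai for di, ai in zip(d, axis)]

def distance(vec, mean, axis):
    """Euclidean distance from vec to the axis through the baseline mean."""
    return math.sqrt(sum(r * r for r in residual(vec, mean, axis)))

def judge(vec, mean, axis, threshold, kinds):
    """Return (abnormal, suspected_kind); kind = largest positive excess (assumption)."""
    if distance(vec, mean, axis) <= threshold:
        return False, None
    r = residual(vec, mean, axis)
    return True, kinds[max(range(len(r)), key=lambda i: r[i])]

# Constructed sample data: packets per interval for k = 4 hypothetical kinds.
KINDS = ["tcp_syn", "tcp_ack", "udp", "icmp"]
BASELINE = [[100, 300, 50, 5], [200, 600, 100, 10], [150, 450, 75, 8],
            [120, 362, 58, 6], [180, 538, 92, 9], [90, 271, 44, 4]]
MEAN, AXIS = principal_axis(BASELINE)
# Assumed threshold rule: three times the worst distance seen in the baseline.
THRESHOLD = 3 * max(distance(v, MEAN, AXIS) for v in BASELINE)

if __name__ == "__main__":
    for name, vec in [("busy but proportional", [160, 480, 80, 8]),
                      ("SYN-heavy interval", [900, 460, 78, 8])]:
        print(name, judge(vec, MEAN, AXIS, THRESHOLD, KINDS))
```

A vector that grows in proportion along the axis (more traffic of every kind) stays close to it, while a surge in a single kind moves the vector away from the axis, and that kind dominates the difference elements.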