Abstract
PROBLEM TO BE SOLVED: To solve the following problem of a network system: when not all packets are analyzed, some packets go unanalyzed, so that an attack flow cannot be identified. SOLUTION: Packets are sampled in an IP router 2 and transferred to an analysis device 8. When the analysis device 8 detects that packets numbering a prescribed value or more have been transmitted to the same host within a prescribed time, it decides that the communication is an attack flow to the host and communicates information related to the flow to the IP router 2. On receiving it, the IP router 2 extracts only the packets related to the flow and transmits them to the analysis device 8. The analysis device 8 analyzes the sampled IP packets, accurately identifies a DoS attack or a DDoS attack, and instructs the IP router to discard the identified IP packets for a prescribed time, or to apply bandwidth control to those IP packets. COPYRIGHT: (C)2006,JPO&NCIPI
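
The two-stage flow described in the abstract, as an added Python example that is not taken from the patent: stage 1 counts sampled packets per destination host in a sliding window and requests extraction of the flow, stage 2 classifies the extracted packets and issues a timed discard instruction. The threshold and time values, the majority-source rule for telling DoS from DDoS, all names, and the packets (documentation address ranges) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

THRESHOLD = 5      # assumed "prescribed value" of sampled packets
WINDOW_S = 1.0     # assumed "prescribed time" for detection
BLOCK_S = 60.0     # assumed "prescribed time" for discarding


class AnalysisDevice:
    def __init__(self):
        self.sampled = defaultdict(deque)  # dst -> timestamps of sampled packets
        self.watched = set()               # dsts whose full flow was requested

    def on_sampled_packet(self, ts, src, dst):
        """Stage 1: sliding-window count of sampled packets per destination."""
        window = self.sampled[dst]
        window.append(ts)
        while ts - window[0] > WINDOW_S:
            window.popleft()
        if len(window) >= THRESHOLD and dst not in self.watched:
            self.watched.add(dst)
            return {"action": "extract", "dst": dst}  # router sends this flow in full
        return None

    def on_extracted_flow(self, dst, packets):
        """Stage 2: classify the extracted flow and choose a mitigation."""
        sources = Counter(src for _, src, d in packets if d == dst)
        if not sources:
            return None
        top_src, top_count = sources.most_common(1)[0]
        # Assumed rule: one source sending most of the traffic is DoS, else DDoS.
        kind = "DoS" if top_count * 2 > sum(sources.values()) else "DDoS"
        last_ts = max(ts for ts, _, d in packets if d == dst)
        return {"action": "discard", "dst": dst, "kind": kind,
                "src": top_src if kind == "DoS" else None,
                "until": last_ts + BLOCK_S}


def demo():
    dev = AnalysisDevice()
    # Constructed sampled packets: (timestamp, src, dst)
    sampled = [(0.1 * i, f"198.51.100.{i}", "203.0.113.10") for i in range(6)]
    sampled.insert(2, (0.15, "192.0.2.7", "203.0.113.20"))
    requests = [r for p in sampled if (r := dev.on_sampled_packet(*p))]
    # Constructed full flow the router would return after the extract request
    flow = [(1.0 + 0.01 * i, f"198.51.100.{i % 4}", "203.0.113.10") for i in range(20)]
    return requests, dev.on_extracted_flow("203.0.113.10", flow)
```
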