摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide an apparatus for detecting a network scan such as slow scan and a measure for quantitatively measuring the maliciousness of an unauthorized invasion source. <P>SOLUTION: A communication network or the like monitors packets addressed to an internal network under management. Against the known unauthorized access, an unauthorized access detecting IDS 10 is used to eliminate its influences on the internal network. About an access having the probability of the unauthorized access and a network scan, especially, a slow scan hard to detect, the problem is solved by a method of rejecting the access of an access source exceeding a predetermined threshold, or a method of preferentially coping with an access source at a higher rank after ranking the access sources on the basis of the maliciousness, using a maliciousness calculation system 20 for calculating the maliciousness from a host access and a port access from the access source, the access time interval, the access policy violation, etc., thereby quantitatively measuring the maliciousness of the access source. <P>COPYRIGHT: (C)2005,JPO&NCIPI</p> |