Abstract
PROBLEM TO BE SOLVED: To easily determine the presence or absence of a network abnormality such as a DoS attack.

SOLUTION: A network abnormality detection device 1 is provided with a packet-count measuring part 2; a control unit 3 that performs a prescribed operation; a storage 4 that stores an actual measured value, a prediction value, and a tolerance range; and an output part 5 that outputs the judgment result. The control unit 3 is provided with a prediction value derivation part 3a, which derives the prediction value from the actual measured value at a time different from the abnormality detection time; an error derivation part 3b, which derives the error between the prediction value and the actual measured value at the abnormality detection time; an abnormality judging part 3c, which judges whether the network is abnormal based on whether the error is within the tolerance range; and a tolerance range derivation part 3d, which derives the tolerance range that the abnormality judging part 3c uses as its judgment reference. The network abnormality detection device 1 thus detects the presence or absence of a network abnormality based on whether the error between the prediction value and the actual measured value falls within the tolerance range.

COPYRIGHT: (C)2005,JPO&NCIPI
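The judgment loop described in the abstract, as an added Python sketch that is not taken from the patent. The abstract does not say how parts 3a and 3d compute their values, so the moving-average prediction, the `k` × standard-deviation tolerance, the `min_tol` floor, and every function and parameter name here are assumptions; the packet counts are constructed sample data.

```python
from collections import deque
from statistics import mean, pstdev

# Constructed per-interval packet counts; intervals 8-10 simulate a flood.
SAMPLE = [1000, 1040, 980, 1010, 1025, 990, 1005, 1030,
          9800, 12500, 11900, 1015, 995]


def detect_abnormal(counts, window=6, k=3.0, min_tol=10.0):
    """Judge each packet count against a prediction from earlier samples.

    Returns (index, measured, predicted, error, tolerance, abnormal) tuples
    for every interval after the warm-up window.
    """
    # Measured values from earlier intervals that were judged normal.
    baseline = deque(maxlen=window)
    results = []
    for i, measured in enumerate(counts):
        if len(baseline) < window:
            baseline.append(measured)  # warm-up: nothing to predict from yet
            continue
        # 3a: prediction from measurements at other times (assumed: mean).
        predicted = mean(baseline)
        # 3b: error between prediction and the measurement being judged.
        error = measured - predicted
        # 3d: tolerance range (assumed: k * spread of the baseline, floored
        # so a perfectly flat baseline does not give a zero-width range).
        tolerance = max(k * pstdev(baseline), min_tol)
        # 3c: abnormal when the error falls outside the tolerance range.
        abnormal = abs(error) > tolerance
        results.append((i, measured, predicted, error, tolerance, abnormal))
        # Keep flagged intervals out of the baseline so a sustained flood
        # cannot drag the prediction upward and mask itself.
        if not abnormal:
            baseline.append(measured)
    return results


def abnormal_indices(counts, **kwargs):
    """Indices of the intervals judged abnormal."""
    return [r[0] for r in detect_abnormal(counts, **kwargs) if r[5]]


if __name__ == "__main__":
    for i, m, p, e, t, bad in detect_abnormal(SAMPLE):
        flag = "ABNORMAL" if bad else "ok"
        print(f"t={i:2d} measured={m:6d} predicted={p:8.1f} "
              f"error={e:9.1f} tol=+/-{t:6.1f} {flag}")
```

Because the error is compared as an absolute value, an unusually low count (for example a link outage) is flagged the same way as a flood.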