UNAUTHORIZED ACCESS DETECTION DEVICE, ITS METHOD, COMPUTER PROGRAM, AND RECORDING MEDIUM WITH COMPUTER PROGRAM RECORDED THEREON

摘要

PROBLEM TO BE SOLVED: To detect an unauthorized access to a computer system which performs authentication twice or more. SOLUTION: A communication record collection part 11 in an unauthorized intruder detection system 1 acquires a communication record obtained by collecting logs each of which includes the address of a connecting source, user identification information and connection time or disconnection time on the basis of user authentication to a server and a communication record obtained by collecting logs connected on the basis of user authentication to a server connected in the connection to the server concerned. An unauthorized access determination part 13 retrieves a log between the connection time of a log including connection time included in the communication record of the server connected ahead and the disconnection time of a log including the address of the log and the user identification information included in the communication record and disconnection time nearest to the connection time of the log from the communication record of the server connected later and compares the user identification information of the log of the server connected ahead with that of the log of the server connected later. COPYRIGHT: (C)2004,JPO