ANALYSIS DEVICE, ANALYSIS METHOD, AND ANALYSIS PROGRAM

Detailed Description

Bibliographic details
Main authors: SHINOHARA, Masanori; AOYAGI, Makiko; NAGAFUCHI, Yukio; KOYAMA, Takaaki; TERAMOTO, Yasuhiro
Format: Patent
Language: eng
Description
Summary: An analysis server (10) uses a model representing the features of normal communication as a basis for accumulating, in a storage unit (12), alerts for communication determined not to be normal. The analysis server (10) then performs clustering on the accumulated alerts, excluding alerts whose category variable differs from that of the communication data used to train the model, using the feature amounts of the communication contained in the alerts. Subsequently, the analysis server (10) determines whether each cluster generated by the clustering consists of the same type of alerts. Finally, the analysis server (10) outputs the clustering result together with the determination of whether or not each cluster consists of the same type of alerts.