NETWORK MONITORING DEVICE, NETWORK MONITORING METHOD, AND STORAGE MEDIUM HAVING NETWORK MONITORING PROGRAM STORED THEREON

Bibliographic details
Main authors: NISHIJIMA, Katsuya, SHIGEMOTO, Tomohiro, KITO, Tetsuro
Format: Patent
Language: eng; fre; ger
Description
Summary: In a network monitoring device 100, a CPU 102 detects an increase point in darknet traffic and calculates, for the darknet traffic corresponding to the increase point, an evaluation value indicating the priority of a countermeasure against a cyberattack, based on whether one or more of the following conditions are met: the darknet traffic has been detected inside a user organization; a correlation score of darknet traffic between an observation point and the user organization is equal to or greater than a threshold; a transmission source IP address is included in a blacklist; the darknet traffic is included in threat intelligence as attack information; a corresponding log is included in a honeypot; the honeypot including the log is included in the user organization; a CVSS score of a target is equal to or greater than a threshold; and there is a product having a vulnerability inside the user organization.