ATTACK DETECTION DEVICE, ATTACK DETECTION SYSTEM, ATTACK DETECTION METHOD, AND ATTACK DETECTION PROGRAM
| Format: | Patent |
|---|---|
| Language: | eng; jpn |
Abstract: To obtain an attack detection device capable of detecting cyber-attacks that exploit vulnerabilities at an early stage and of reducing the processing load by adjusting the execution cycle of detection rules. SOLUTION: The attack detection device includes: a vulnerability information record DB for storing vulnerability information detected in the past by the attack detection device; a vulnerability information acquisition unit for acquiring new vulnerability information; a configuration information DB for storing configuration information on a plurality of component devices; a target device determination unit for determining, from the new vulnerability information and the configuration information, a vulnerable component device as a target device; a detection rule determination unit for determining, from the determination result of the target device determination unit and the detection rules, the detection rules whose component device matches the target device; a risk value calculation unit for calculating a risk value of the vulnerability from the new vulnerability information; and an execution cycle updating unit for updating the execution cycle at which the determined detection rules are performed so that it is shortened as the risk value increases. SELECTED DRAWING: Figure 1

Abstract (translated from the Japanese): PROBLEM: To obtain an attack detection device that can detect cyber-attacks exploiting vulnerabilities at an early stage and can reduce the processing load by adjusting the execution cycle of detection rules. SOLUTION: The device comprises: a vulnerability information record DB that stores vulnerability information detected in the past by the attack detection device; a vulnerability information acquisition unit that acquires new vulnerability information; a configuration information DB that stores configuration information on a plurality of component devices; a target device determination unit that determines, from the new vulnerability information and the configuration information, a vulnerable component device as a target device; a detection rule determination unit that determines, from the determination result of the target device determination unit and the detection rules, the detection rules whose component device matches the target device; a risk value calculation unit that calculates a risk value of the vulnerability from the new vulnerability information; and an execution cycle updating unit that updates the execution cycle of the determined detection rules so that it shortens as the risk value rises. SELECTED DRAWING: Figure 1
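The pipeline the abstract describes, written out as an added example that is not the patent's own code: new vulnerability information is deduplicated against the record DB, matched against configuration information to find target devices, the detection rules bound to those devices are selected, a risk value is derived, and only those rules get a shorter execution cycle, with a floor so the scheduler cannot be overloaded. The record fields, the risk formula and the sample devices, rules and vulnerability are all assumptions constructed for the example.

```python
from collections import namedtuple

# Constructed sample record types; field names are assumptions, not the patent's schema.
Device = namedtuple("Device", "name product version")          # configuration information
Vulnerability = namedtuple("Vulnerability",                     # new vulnerability information
                           "vuln_id product affected_versions base_score exploit_known")
DetectionRule = namedtuple("DetectionRule", "rule_id device base_cycle_s")

MIN_CYCLE_S = 10  # floor: a rule is never scheduled more often than every 10 s


def find_target_devices(vuln, devices):
    """Target device determination: devices whose product and version are affected."""
    return [d for d in devices
            if d.product == vuln.product and d.version in vuln.affected_versions]


def find_matching_rules(targets, rules):
    """Detection rule determination: rules whose component device is a target device."""
    names = {d.name for d in targets}
    return [r for r in rules if r.device in names]


def risk_value(vuln):
    """Risk value in [0, 1]: normalised severity, raised when a public exploit exists."""
    risk = vuln.base_score / 10.0  # base_score is a CVSS-like 0.0 to 10.0 severity
    return min(1.0, risk + 0.2) if vuln.exploit_known else risk


def updated_cycles(rules, risk):
    """Execution cycle update: the higher the risk, the shorter the cycle, bounded below."""
    return {r.rule_id: max(MIN_CYCLE_S, round(r.base_cycle_s * (1.0 - risk))) for r in rules}


def process_new_vulnerability(vuln, record_db, devices, rules):
    """Return {rule_id: new cycle in s} for affected rules; {} if the vuln was already recorded."""
    if vuln.vuln_id in record_db:        # vulnerability information record DB lookup
        return {}
    record_db.add(vuln.vuln_id)
    targets = find_target_devices(vuln, devices)
    return updated_cycles(find_matching_rules(targets, rules), risk_value(vuln))


# Constructed sample data: only plc-1 runs an affected version of the affected product.
DEVICES = [Device("plc-1", "ExamplePLC", "2.1"), Device("plc-2", "ExamplePLC", "3.0"),
           Device("hmi-1", "ExampleHMI", "1.4")]
RULES = [DetectionRule("R1", "plc-1", 600), DetectionRule("R2", "plc-2", 600),
         DetectionRule("R3", "hmi-1", 300)]
VULN = Vulnerability("VULN-EXAMPLE-0001", "ExamplePLC", frozenset({"2.0", "2.1"}), 7.5, True)

if __name__ == "__main__":
    print(process_new_vulnerability(VULN, set(), DEVICES, RULES))  # {'R1': 30}
```

Rules R2 and R3 keep their base cycle because their devices are not targets, so the extra load is confined to the component device that is actually exposed.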