Detection device, detection method, and detection program
Main authors: | , , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online access: | Order full text |
Summary: | A detection device includes processing circuitry configured to collect communication information in a network including clients and servers, generate a matrix representing states of access from the clients to the servers using the communication information collected, aggregate a plurality of the clients accessing a target server and generate statistical information of similarities between the aggregated clients in the matrix as a feature amount of the target server, learn, with regard to the target server which is a server for which it is known whether the server is a malicious server, a model for determining whether a server is a malicious server using the feature amount generated, and determine, with regard to the target server which is a server for which it is unknown whether the server is a malicious server, whether the target server is a malicious server using the feature amount generated and the model. |
---|