NETWORK MONITORING DEVICE, NETWORK MONITORING METHOD, AND STORAGE MEDIUM HAVING RECORDED THEREON NETWORK MONITORING PROGRAM

NETWORK MONITORING DEVICE, NETWORK MONITORING METHOD, AND STORAGE MEDIUM HAVING RECORDED THEREON NETWORK MONITORING PROGRAM

In a network monitoring device, a CPU detects an increase point of a darknet traffic and calculates, with regard to darknet traffic corresponding to the increase point, an evaluation value indicating priority of a countermeasure against a cyberattack based on whether one or more of the following con...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: NISHIJIMA, Katsuya, SHIGEMOTO, Tomohiro, KITO, Tetsuro
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In a network monitoring device, a CPU detects an increase point of a darknet traffic and calculates, with regard to darknet traffic corresponding to the increase point, an evaluation value indicating priority of a countermeasure against a cyberattack based on whether one or more of the following conditions are met: the darknet traffic has been detected inside a user organization; a correlation score of a darknet traffic between an observation point and the user organization is equal to or more than a threshold; a transmission source IP address is included in a blacklist; the darknet traffic is included in threat intelligence as attack information; a corresponding log is included in a honeypot; the honeypot including the log is included in the user organization; a CVSS score of a target is equal to or more than a threshold; and there is a product having vulnerability inside the user organization.