Invention Grant
- Patent Title: Infection spread attack detection device, attack origin specification method, and program
-
Application No.: US17265397Application Date: 2019-08-01
-
Publication No.: US11863584B2Publication Date: 2024-01-02
- Inventor: Yukihiro Togari , Hiroaki Maeda , Hisashi Kojima , Takeshi Kuwahara
- Applicant: Nippon Telegraph and Telephone Corporation
- Applicant Address: JP Tokyo
- Assignee: Nippon Telegraph and Telephone Corporation
- Current Assignee: Nippon Telegraph and Telephone Corporation
- Current Assignee Address: JP Tokyo
- Agency: Fish & Richardson P.C.
- Priority: JP 18146593 2018.08.03
- International Application: PCT/JP2019/030149 2019.08.01
- International Announcement: WO2020/027250A 2020.02.06
- Date entered country: 2021-02-02
- Main IPC: H04L9/40
- IPC: H04L9/40 ; G06N5/04 ; G06N20/00
Abstract:
An occurrence of an infection-spreading attack and an attack source thereof are detected with high accuracy. A first feature value is calculated based on traffic information regarding a packet forwarded by a forwarding device, and M partial address spaces to be monitored are specified based on the first feature value. A second feature value is calculated for each address of a terminal in a network, based on traffic information regarding the M partial address spaces, the second feature value is learned to classify terminal addresses into a plurality of clusters, and whether or not each of the clusters is an infection-spreading attack is determined to generate cluster information. Whether or not an infection-spreading attack has occurred and an address of a terminal that is an attack source are specified based on the second feature value and the cluster information.
Public/Granted literature
- US20210306351A1 INFECTION SPREAD ATTACK DETECTION DEVICE, ATTACK ORIGIN SPECIFICATION METHOD, AND PROGRAM Public/Granted day:2021-09-30
Information query
