Log analysis system

US 10,164,839 B2
Filed: 03/17/2016
Issued: 12/25/2018
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A communication log analysis system for detecting unauthorized communications to a target device comprising:

a processor configured toreceive communication logs of communications at the target device by a detector;

normalize the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;

add common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set;

aggregate the communication logs to which the common information is added based on the common information added to the communication logs;

align information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector;

output the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and

analyze the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A log analysis system includes a first processor unit, a second processor unit, a third processor unit, and a fourth processor unit. The first processor unit normalizes the detection log acquired by an acquirer, allocating the detection log into predefined monitoring target units, and outputs the monitoring target units. The second processor unit appends common information based on a predefined rule to each of the monitoring target units of the detection log output from the first processor unit, arranges the monitoring target units into information granularities based on the content of the detection log and common information, and outputs the monitoring target units as analysis unit information. The third processor unit gathers the analysis unit information output from the second processor unit and setting detection target event candidates based on a predefined rule, and outputs the detection target event candidates and the determination results.

Citations

9 Claims

1. A communication log analysis system for detecting unauthorized communications to a target device comprising:
- a processor configured toreceive communication logs of communications at the target device by a detector;
  
  normalize the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  add common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set;
  
  aggregate the communication logs to which the common information is added based on the common information added to the communication logs;
  
  align information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector;
  
  output the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and
  
  analyze the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.

2. A communication log analysis method for detecting unauthorized communications to a target device, the method comprising:
- receiving communication logs of communications at the target device by a detector;
  
  normalizing the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  adding common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set;
  
  aggregating the communication logs to which the common information is added based on the common information added to the communication logs;
  
  aligning information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector;
  
  outputting the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and
  
  analyzing the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.

3. A non-transitory computer readable medium storing one or more computer programs, the one or more computer programs comprising codes for instructing a computer to perform a communication log analysis method for detecting unauthorized communications to a target device, comprising:
- receiving communication logs of communications at the target device by a detector;
  
  normalizing the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  adding common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set;
  
  aggregating the communication logs to which the common information is added based on the common information added to the communication logs;
  
  aligning information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector;
  
  outputting the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and
  
  analyzing the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.

4. A communication log analysis system for detecting unauthorized communications to a target device, comprising:
- a first processor configured tonormalize received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  add common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregate the communication logs to which the common information is added based on the common information added to the communication logs; and
  
  align information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
- View Dependent Claims (5)
- - 5. The communication log analysis system according to claim 4, further comprising:
    - a second processor configured to analyze the communication log candidates output from the first processor.

6. A communication log analysis method for detecting unauthorized communications to a target device, performed by one or more computers, the method comprising:
- normalizing received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  adding common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregating the communication logs to which the common information is added based on the common information added to the communication logs; and
  
  aligning information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
- View Dependent Claims (7)
- - 7. The communication log analysis method according to claim 6, further comprising:
    - analyzing the communication log candidates.

8. A non-transitory computer readable medium storing one or more computer programs, the one or more computer programs comprising codes for instructing a computer to perform a communication log analysis method for detecting unauthorized communications to a target device, comprising:
- normalizing received communication logs by rendering the information contained in each communication log into a common format with the other communication logs;
  
  adding common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregating the communication logs to which the common information is added based on the common information added to the communication logs; and
  
  aligning information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
- View Dependent Claims (9)
- - 9. The non-transitory computer readable medium according to claim 8,wherein the one or more computer programs further comprise a code for:
    - analyzing the communication log candidates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LAC Co., Ltd.
Original Assignee
LAC Co., Ltd.
Inventors
Tsuchiya, Kazuhide, Abe, Masamichi, Kageyama, Tetsuya, Kawaguchi, Hiroshi, Washio, Hiroyuki, Umaki, Atsushi, Shiode, Ippei, Kimura, Masahiro, Fujimoto, Hiroshi, Takechi, Hiroshi
Primary Examiner(s)
Vostal, Ondrej C

Application Number

US15/072,720
Publication Number

US 20160197790A1
Time in Patent Office

1,013 Days
Field of Search

709224
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06Q 50/10   Services

H04L 12/6418   Hybrid transport

H04L 41/14   Network analysis or design

H04L 43/026   using flow identification

H04L 43/065   related to network devices

H04L 63/1425   Traffic logging, e.g. anoma...

Log analysis system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Log analysis system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links