Log analysis system
Abstract
A log analysis system includes a first processor unit, a second processor unit, a third processor unit, and a fourth processor unit. The first processor unit normalizes the detection log acquired by an acquirer, allocates the detection log into predefined monitoring target units, and outputs the monitoring target units. The second processor unit appends common information based on a predefined rule to each of the monitoring target units of the detection log output from the first processor unit, arranges the monitoring target units into information granularities based on the content of the detection log and the common information, and outputs the monitoring target units as analysis unit information. The third processor unit gathers the analysis unit information output from the second processor unit, sets detection target event candidates based on a predefined rule, and outputs the detection target event candidates and the determination results.
9 Claims
1. A communication log analysis system for detecting unauthorized communications to a target device comprising:
a processor configured to receive communication logs of communications at the target device by a detector; normalize the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; add common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set; aggregate the communication logs to which the common information is added based on the common information added to the communication logs; align information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector; output the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and analyze the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.
2. A communication log analysis method for detecting unauthorized communications to a target device, the method comprising:
receiving communication logs of communications at the target device by a detector; normalizing the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; adding common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set; aggregating the communication logs to which the common information is added based on the common information added to the communication logs; aligning information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector; outputting the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and analyzing the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.
3. A non-transitory computer readable medium storing one or more computer programs, the one or more computer programs comprising codes for instructing a computer to perform a communication log analysis method for detecting unauthorized communications to a target device, comprising:
receiving communication logs of communications at the target device by a detector; normalizing the received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; adding common information to the communication logs, which have been normalized, with the target device, the common information being based on a rule that was previously set; aggregating the communication logs to which the common information is added based on the common information added to the communication logs; aligning information granularities of the aggregated communication logs to which the common information has been added, depending on the type of the detector; outputting the aggregated communication logs to which the common information has been added and whose information granularities have been aligned; and analyzing the output aggregated communication logs to which the common information has been added and whose information granularities have been aligned to output communication log candidates matching unauthorized communications with the target device.
4. A communication log analysis system for detecting unauthorized communications to a target device, comprising:
a first processor configured to normalize received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; add common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregate the communication logs to which the common information is added based on the common information added to the communication logs; and align information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
Dependent claims: 5
6. A communication log analysis method for detecting unauthorized communications to a target device, performed by one or more computers, the method comprising:
normalizing received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; adding common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregating the communication logs to which the common information is added based on the common information added to the communication logs; and aligning information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
Dependent claims: 7
8. A non-transitory computer readable medium storing one or more computer programs, the one or more computer programs comprising codes for instructing a computer to perform a communication log analysis method for detecting unauthorized communications to a target device, comprising:
normalizing received communication logs by rendering the information contained in each communication log into a common format with the other communication logs; adding common information to the communication logs, which have been normalized, with the target device, the received communication logs being generated by events, and aggregating the communication logs to which the common information is added based on the common information added to the communication logs; and aligning information granularities of the aggregated communication logs to which the common information has been added to output and analyze the aggregated communication logs to which the common information has been added and whose information granularities have been aligned and to output communication log candidates matching unauthorized communications with the target device.
Dependent claims: 9
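The normalize, add-common-information, aggregate, align-granularity and analyze steps of claim 1, worked through in Python as an added example (not the patent's own code). The two detector formats, the parsing regexes, the asset-group rule, the per-detector granularities and the candidate rule (two detector types agreeing on one time bucket and port) are all constructed assumptions.

```python
import re
from collections import defaultdict

TARGET = "192.168.1.10"
# Constructed sample logs from two hypothetical detector types (an IDS and a firewall).
RAW_LOGS = [
    ("ids", "2024-01-01T10:00:03 ALERT src=10.0.0.5 dst=192.168.1.10 dport=445 sig=smb-probe"),
    ("fw", "Jan  1 10:00:05 fw01 DENY 10.0.0.5:51000->192.168.1.10:445"),
    ("fw", "Jan  1 10:00:39 fw01 DENY 10.0.0.5:51001->192.168.1.10:445"),
    ("ids", "2024-01-01T10:00:41 ALERT src=10.0.0.5 dst=192.168.1.10 dport=445 sig=smb-probe"),
    ("fw", "Jan  1 10:02:15 fw01 ALLOW 10.0.0.7:40000->192.168.1.10:443"),
]
PARSERS = {  # per-detector regexes that map each raw format onto one common schema
    "ids": re.compile(r"T(\d\d):(\d\d):(\d\d) \w+ src=(\S+) dst=(\S+) dport=(\d+)"),
    "fw": re.compile(r"(\d\d):(\d\d):(\d\d) \S+ \w+ (\S+):\d+->(\S+):(\d+)"),
}
ASSET_RULE = {TARGET: "file-server"}  # preset rule: target device -> common information
GRANULARITY = {"ids": 1, "fw": 60}    # native timestamp resolution per detector type (seconds)

def normalize(detector, line):  # step 1: render a raw line into the common format
    h, m, s, src, dst, dport = PARSERS[detector].search(line).groups()
    return {"det": detector, "t": int(h) * 3600 + int(m) * 60 + int(s),
            "src": src, "dst": dst, "dport": int(dport)}

def add_common(rec):  # step 2: append common information chosen by the preset rule
    return {**rec, "asset": ASSET_RULE.get(rec["dst"], "unmanaged")}

def aggregate(recs):  # step 3: group records on the common information and source
    groups = defaultdict(list)
    for r in recs:
        groups[(r["asset"], r["src"])].append(r)
    return groups

def align(groups):  # step 4: bucket each group's timestamps to its coarsest detector granularity
    aligned = {}
    for key, recs in groups.items():
        step = max(GRANULARITY[r["det"]] for r in recs)
        aligned[key] = [{**r, "t": r["t"] - r["t"] % step} for r in recs]
    return aligned

def analyze(aligned):  # step 5: candidates = same bucket and port seen by two detector types
    seen_by = defaultdict(set)
    for (asset, src), recs in aligned.items():
        for r in recs:
            seen_by[(asset, src, r["t"], r["dport"])].add(r["det"])
    return sorted(k for k, dets in seen_by.items() if len(dets) >= 2)

def run(raw_logs=RAW_LOGS):  # the whole pipeline, in claim order
    recs = [add_common(normalize(d, line)) for d, line in raw_logs]
    return analyze(align(aggregate(recs)))
```

On the constructed logs, the 10:00 activity from 10.0.0.5 toward port 445 is reported by both detectors and becomes the single candidate; the lone 10:02 firewall entry does not.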