Non-transitory recording medium recording cyber-attack analysis supporting program, cyber-attack analysis supporting method, and cyber-attack analysis supporting apparatus

US 10,476,904 B2
Filed: 08/07/2017
Issued: 11/12/2019
Est. Priority Date: 08/26/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory recording medium encoded with a cyber-attack analysis supporting program, where the cyber-attack analysis supporting program, when executed by a processor, is operable to:

accepting registration of pieces of information each including one or more items regarding respective cyber-attack events in response to detection of malware in an information processing system of a monitoring target;

displaying each of the pieces of information registered regarding the respective cyber-attack events in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the respective cyber-attack events;

displaying pieces of data of the one or more items in a state in which each of the pieces of data is coupled as a sub-subordinate node to a node of the one or more items; and

displaying a coupling state between a first sub-subordinate node of the representative node of one of the cyber-attack events and a second sub-subordinate node of the representative node of another of the cyber-attack events when the first sub-subordinate node is associated with the second sub-subordinate node to recognize a relation between the one of the cyber-attack events and the another of the cyber-attack events.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A non-transitory recording medium recording a cyber-attack analysis supporting program that causes a computer to execute a process, the process includes: accepting registration of information of one or more items regarding a cyber-attack event in response to detection of malware in an information processing system of a monitoring target; and displaying the information registered regarding the cyber-attack event in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the cyber-attack event.

18 Citations

View as Search Results

13 Claims

1. A non-transitory recording medium encoded with a cyber-attack analysis supporting program, where the cyber-attack analysis supporting program, when executed by a processor, is operable to:
- accepting registration of pieces of information each including one or more items regarding respective cyber-attack events in response to detection of malware in an information processing system of a monitoring target;
  
  displaying each of the pieces of information registered regarding the respective cyber-attack events in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the respective cyber-attack events;
  
  displaying pieces of data of the one or more items in a state in which each of the pieces of data is coupled as a sub-subordinate node to a node of the one or more items; and
  
  displaying a coupling state between a first sub-subordinate node of the representative node of one of the cyber-attack events and a second sub-subordinate node of the representative node of another of the cyber-attack events when the first sub-subordinate node is associated with the second sub-subordinate node to recognize a relation between the one of the cyber-attack events and the another of the cyber-attack events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The non-transitory recording medium according to claim 1, wherein the one or more items include an attacker, an attack method, a detection index, an observation event, an incident, a corrective measure, or an attack target.
  - 3. The non-transitory recording medium according to claim 2, wherein the information of the attacker includes information regarding at least one of a transmission source mail address of the cyber-attack event and an account of a social network service.
  - 4. The non-transitory recording medium according to claim 2, wherein the information of the attack method includes information of a pattern of an attack, a resource used by the attacker, an attack base of the attacker, or an attack target.
  - 5. The non-transitory recording medium according to claim 2, wherein the information of the detection index includes information indicative of an index that characterizes the cyber-attack event.
  - 6. The non-transitory recording medium according to claim 2, wherein the information of the observation event includes information indicative of an event relating to an operation observed in the cyber-attack event.
  - 7. The non-transitory recording medium according to claim 2, wherein the information of the incident includes information regarding at least one of an owner or a manager of an asset damaged by the attacker and a place of the asset.
  - 8. The non-transitory recording medium according to claim 2, wherein the information of the corrective measure includes information indicative of a measure to cope with a threat by the cyber-attack event.
  - 9. The non-transitory recording medium according to claim 2, wherein the information of the attack target includes information indicative of a weak point of an asset that becomes a target of an attack in the cyber-attack event.

10. A cyber-attack analysis supporting method, comprising:
- accepting registration of pieces of information each including one or more items regarding respective cyber-attack events in response to detection of malware in an information processing system of a monitoring target;
  
  displaying each of the pieces of information registered regarding the respective cyber-attack events in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the respective cyber-attack events;
  
  displaying pieces of data of the one or more items in a state in which each of the pieces of data is coupled as a sub-subordinate node to a node of the one or more items; and
  
  displaying a coupling state between a first sub-subordinate node of the representative node of one of the cyber attack events and a second sub-subordinate node of the representative node of another of the cyber-attack events when the first sub-subordinate node is associated with the second sub-subordinate node to recognize a relation between the one of the cyber-attack events and the another of the cyber-attack events.
- View Dependent Claims (11)
- - 11. The cyber-attack analysis supporting method according to claim 10, wherein the one or more items include an attacker, an attack method, a detection index, an observation event, an incident, a corrective measure, or an attack target.

12. A cyber-attack analysis supporting apparatus, comprising:
- a memory that stores a cyber-attack analysis supporting program; and
  
  a processor that executes a method based on the cyber-attack analysis supporting program, wherein the method includes;
  
  accepting registration of pieces of information each including one or more items regarding respective cyber-attack events in response to detection of malware in an information processing system of a monitoring target;
  
  displaying each of the pieces of information registered regarding the respective cyber-attack events in a state in which each of the one or more items is coupled as a subordinate node to a representative node of the respective cyber-attack events;
  
  displaying pieces of data of the one or more items in a state in which each of the pieces of data is coupled as a sub-subordinate node to a node of the one or more items; and
  
  displaying a coupling state between a first sub-subordinate node of the representative node of one of the cyber attack events and a second sub-subordinate node of the representative node of another of the cyber-attack events when the first sub-subordinate node is associated with the second sub-subordinate node to recognize a relation between the one of the cyber-attack events and the another of the cyber-attack events.
- View Dependent Claims (13)
- - 13. The cyber-attack analysis supporting apparatus according to claim 12, wherein the one or more items include an attacker, an attack method, a detection index, an observation event, an incident, a corrective measure, or an attack target.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Yamada, Koji, Yoshimura, Kunihiko, Tanabe, Kouta, Satomi, Toshitaka, Masuoka, Ryusuke
Primary Examiner(s)
Abyaneh, Ali S
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US15/670,031
Publication Number

US 20180063177A1
Time in Patent Office

827 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

H04L 2463/146   Tracing the source of attacks

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Non-transitory recording medium recording cyber-attack analysis supporting program, cyber-attack analysis supporting method, and cyber-attack analysis supporting apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Non-transitory recording medium recording cyber-attack analysis supporting program, cyber-attack analysis supporting method, and cyber-attack analysis supporting apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links