Log analyzing system and method
First Claim
Patent Images
1. A log analyzing system which analyzes a log of communications of a control device, the log analyzing system comprising:
- a network device which receives a plurality of communication packets corresponding to the communications of the control device from a network; and
a monitoring device which monitors the plurality of communication packets to the network device including reception times and reception sizes of the plurality of communication packets,wherein the monitoring device is programmed to;
create time series data indicating respective reception times and receptions sizes of the plurality of communication packets,frequency convert the time series data to generate information of respective frequencies and strength of the plurality of communication packets based on the respective reception times and receptions sizes of the plurality of communication packets,extract an abnormal pattern by determining a difference between the frequency-converted time series data and a predetermined stable pattern representing communication in a state of no unauthorized access, andinverse frequency convert the extracted abnormal pattern to acquire one or more respective times and sizes of one or more abnormal communication packets among the plurality of communication packets, andoutput the one or more abnormal communication packets including the respective times and sizes thereof.
1 Assignment
0 Petitions
Accused Products
Abstract
Proposed are a log analyzing system and a log analyzing method capable of more effectively defending a control system from unauthorized access. The log analyzing system which analyzes a communication log of a control device comprises a network device which receives a communication packet corresponding to the communication log from a network, and a monitoring device which monitors communication to the network device, wherein the monitoring device obtains a difference between a communication pattern of the communication packet and a stable pattern, which is a pattern of a communication in a state of no unauthorized access, restores the communication packet based on the difference, and notifies the restored communication packet.
-
Citations
6 Claims
-
1. A log analyzing system which analyzes a log of communications of a control device, the log analyzing system comprising:
-
a network device which receives a plurality of communication packets corresponding to the communications of the control device from a network; and a monitoring device which monitors the plurality of communication packets to the network device including reception times and reception sizes of the plurality of communication packets, wherein the monitoring device is programmed to; create time series data indicating respective reception times and receptions sizes of the plurality of communication packets, frequency convert the time series data to generate information of respective frequencies and strength of the plurality of communication packets based on the respective reception times and receptions sizes of the plurality of communication packets, extract an abnormal pattern by determining a difference between the frequency-converted time series data and a predetermined stable pattern representing communication in a state of no unauthorized access, and inverse frequency convert the extracted abnormal pattern to acquire one or more respective times and sizes of one or more abnormal communication packets among the plurality of communication packets, and output the one or more abnormal communication packets including the respective times and sizes thereof. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A log analyzing method in a log analyzing system which analyzes a log of communications of a control device,
wherein the log analyzing system includes: -
a network device which receives a plurality of communication packets corresponding to the communications of the control device from a network; and a monitoring device which monitors the plurality of communication to the network device, the log analyzing method comprising; creating time series data indicating respective reception times and receptions sizes of the plurality of communication packets, frequency converting the time series data to generate information of respective frequencies and strength of the plurality of communication packets based on the respective reception times and receptions sizes of the plurality of communication packets, extracting an abnormal pattern by determining a difference between the frequency-converted time series data and a predetermined stable pattern representing communication in a state of no unauthorized access, and inverse frequency converting the extracted abnormal pattern to acquire one or more respective times and sizes of one or more abnormal communication packets among the plurality of communication packets, and outputting the one or more abnormal communication packets including the respective times and sizes thereof.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHitachi, Ltd.
-
Original AssigneeHitachi, Ltd.
-
InventorsUchiyama, Hiroki, Yato, Akifumi, Ohkubo, Satoshi, Yamaguchi, Kohhei
-
Primary Examiner(s)Zarrineh, Shahriar
-
Application NumberUS15/795,429Publication NumberTime in Patent Office795 DaysField of Search726 22US Class CurrentCPC Class CodesG06F 11/3006 where the computing system ...G06F 11/3476 Data logging G06F11/14, G06...G06F 17/40 Data acquisition and loggin...H04L 41/069 using logs of notifications...H04L 43/045 for graphical visualisation...H04L 43/50 Testing arrangementsH04L 63/1425 Traffic logging, e.g. anoma...H04L 63/145 the attack involving the pr...H04L 63/1458 Denial of Service
