Access chain tracing system, network system, and storage medium
First Claim
1. For a system wherein a packet is transmitted across a network along an access chain constituted by a plurality of connections, an access chain tracing method comprising the steps of:
- comparing the size of the data in a packet at the time a first connection is made with the size of the data in a said packet at the time a second connection is made; and
employing the comparison result to determine whether said first connection and said second connection are to be included in the same chain.
1 Assignment
0 Petitions
Accused Products
Abstract
Log data for a packet that is exchanged across a network are recorded in a log box. At this time, the data size of the packet and the detection time are recorded. When an illegal access has occurred at a target computer, the tracing of an access chain is performed on the log information. The tracing of the access chain is performed as follows. A change in the size of the data in a packet in accordance with the time of the first connection, and a change in the size of the data in a packet in accordance with the time of the second connection are calculated using the log data, and then the shapes of the graphs formed by these packet series are compared. When the shapes of the graphs are similar, it is ascertained that the pertinent connections are included in the same chain.
-
Citations
16 Claims
-
1. For a system wherein a packet is transmitted across a network along an access chain constituted by a plurality of connections, an access chain tracing method comprising the steps of:
-
comparing the size of the data in a packet at the time a first connection is made with the size of the data in a said packet at the time a second connection is made; and
employing the comparison result to determine whether said first connection and said second connection are to be included in the same chain. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An access chain tracing method comprising the steps of:
-
recording first packet data that include the size of the data in a packet at a first connection and a detection time for said packet;
recording second packet data that include the size of the data in said packet at a second connection and a detection time for said packet;
transmitting said first packet data that are recorded;
receiving said first packet data;
comparing said first packet data with said second packet data to determine what change there was in the size of the data in said packet at the time of said first connection and in the size of the data in said packet at the time of said second connection;
employing the comparison result obtained at said comparison step to determine whether said first connection and said second connection are included in the same chain; and
transmitting the determination result obtained at said determination step.
-
-
7. A computer-readable storage medium on which a program is stored to permit a computer to perform the method for an access chain tracing method comprising the steps of:
-
comparing the size of the data in a packet at the time a first connection is made with the size of the data in a said packet at the time a second connection is made; and
employing the comparison result to determine whether said first connection and said second connection are to be included in the same chain.
-
-
8. For a system wherein a packet is transmitted across a network along an access chain constituted by a plurality of connections, an access chain tracing system comprising:
-
a comparator for comparing the size of the data in a packet at the time of a first connection with the size of the data in said packet at the time of a second connection; and
a determiner for employing the comparison result obtained by said comparator to determine whether said first connection and said second connection are included in the same chain. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. For a system wherein a packet is transmitted across a network along an access chain constituted by a plurality of connections, an access chain tracing system comprising:
-
a recording unit for recording packet data that include information concerning packet size and detection time;
a transmitter for transmitting said packet data to a different site for a determination to be made; and
a receiver for receiving the determination result from said different site.
-
-
15. A network system comprising:
-
a first collection device for collecting first packet data that include the size of data in packet and a detection time, and for transmitting said first packet data;
a second collection device for collecting second packet data that include the size of data in said packet and a detection time; and
a calculation system for comparing said first packet data with said second packet data to determine what change there was in the size of the data in said packet at the time of a first connection and in the size of the data in said packet at the time of a second connection, and for employing the comparison result to determine whether said first connection and said second connection are included in the same chain. - View Dependent Claims (16)
-
Specification