Method and apparatus for detecting unauthorized-access, and computer product

US 20050086538A1
Filed: 10/26/2004
Published: 04/21/2005
Est. Priority Date: 05/28/2002
Status: Active Grant

First Claim

Patent Images

1. An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network, comprising:

a storing unit that stores a series of process requests as an unauthorized-access event string, the process requests made by an unauthorized user via an unauthorized client; and

a judging unit that compares a new process request with the unauthorized-access event string stored in the storing unit, and judges whether the new process request is the unauthorized access based on a result of comparison.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network includes a storing unit that stores a series of process request, which is made by an unauthorized user via an unauthorized client, as an unauthorized-access event string; and a judging unit that compares a new process request with the unauthorized-access event string stored in the storing unit, and judges whether the process request is the unauthorized access based on a result of comparison.

28 Citations

View as Search Results

21 Claims

1. An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network, comprising:
- a storing unit that stores a series of process requests as an unauthorized-access event string, the process requests made by an unauthorized user via an unauthorized client; and
  
  a judging unit that compares a new process request with the unauthorized-access event string stored in the storing unit, and judges whether the new process request is the unauthorized access based on a result of comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The unauthorized-access detecting apparatus according to claim 1, further comprising a notifying unit that forecasts an attack of the unauthorized access, and notifies the attack forecasted and a countermeasure against the attack.
  - 3. The unauthorized-access detecting apparatus according to claim 1, further comprising:
    - an unauthorized-client storing unit that stores a client that made the process request of the unauthorized access as an unauthorized client; and
      
      an unauthorized-client rejecting unit that rejects the process request from the unauthorized client stored in the unauthorized-client storing unit.
  - 4. The unauthorized-access detecting apparatus according to claim 1, wherein an event includes either of a single process request and a plurality of process requests, and the unauthorized-access event string includes a plurality of the events.
  - 5. The unauthorized-access detecting apparatus according to claim 4, wherein the storing unit stores an unauthorized-access event tree in which the event common to a plurality of the unauthorized-access event string is coupled, and the judging unit compares the new process request with the unauthorized-access event tree.
  - 6. The unauthorized-access detecting apparatus according to claim 4, further comprising:
    - a data storing unit that stores unauthorized-access data that relates to the unauthorized access;
      
      a history storing unit that stores all the process requests to the server as a process history; and
      
      a creating unit that creates the unauthorized-access event string using the unauthorized-access data and the process history.
  - 7. The unauthorized-access detecting apparatus according to claim 6, further comprising an access-event master table that contains a degree of significance of the event predefined for each of the events, wherein the creating unit creates the unauthorized-access event string based on the degree of significance of the event.

8. An unauthorized-access detecting method comprising:
- storing a series of process requests as an unauthorized-access event string, the process requests made by an unauthorized user via an unauthorized client;
  
  comparing a new process request with the unauthorized-access event string stored, and judging whether the new process request is the unauthorized access based on a result of comparison.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The unauthorized-access detecting method according to claim 8, further comprising forecasting an attack of the unauthorized access;
    - and notifying the attack forecasted and a countermeasure against the attack.
  - 10. The unauthorized-access detecting method according to claim 8, further comprising storing a client that made the process request of the unauthorized access as an unauthorized client;
    - and rejecting the process request from the unauthorized client stored.
  - 11. The unauthorized-access detecting method according to claim 8, wherein an event includes either of a single process request and a plurality of process requests, and the unauthorized-access event string includes a plurality of the events.
  - 12. The unauthorized-access detecting method according to claim 11, wherein the storing includes storing an unauthorized-access event tree in which the event common to a plurality of the unauthorized-access event string is coupled, and the comparing includes comparing the new process request with the unauthorized-access event tree.
  - 13. The unauthorized-access detecting method according to claim 11, further comprising storing unauthorized-access data that relates to the unauthorized access;
    - storing all the process requests to the server as a process history; and
      
      creating the unauthorized-access event string using the unauthorized-access data and the process history.
  - 14. The unauthorized-access detecting method according to claim 13, wherein the creating includes creating the unauthorized-access event string based on a degree of significance of the event.

15. A computer-readable recording medium that stores a computer program for detecting an unauthorized-access, the computer program makes the computer execute:
- storing a series of process requests as an unauthorized-access event string, the process requests made by an unauthorized user via an unauthorized client;
  
  comparing a new process request with the unauthorized-access event string stored, and judging whether the new process request is the unauthorized access based on a result of comparison.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-readable recording medium according to claim 15, wherein the computer program further makes the computer execute forecasting an attack of the unauthorized access;
    - and notifying the attack forecasted and a countermeasure against the attack.
  - 17. The computer-readable recording medium according to claim 15, wherein the computer program further makes the computer execute storing a client that made the process request of the unauthorized access as an unauthorized client;
    - and rejecting the process request from the unauthorized client stored.
  - 18. The computer-readable recording medium according to claim 15, wherein an event includes either of a single process request and a plurality of process requests, and the unauthorized-access event string includes a plurality of the events.
  - 19. The computer-readable recording medium according to claim 18, wherein the storing includes storing an unauthorized-access event tree in which the event common to a plurality of the unauthorized-access event string is coupled, and the comparing includes comparing the new process request with the unauthorized-access event tree.
  - 20. The computer-readable recording medium according to claim 18, wherein the computer program further makes the computer execute storing unauthorized-access data that relates to the unauthorized access;
    - storing all the process requests to the server as a process history; and
      
      creating the unauthorized-access event string using the unauthorized-access data and the process history.
  - 21. The computer-readable recording medium according to claim 20, wherein the creating includes creating the unauthorized-access event string based on a degree of significance of the event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Kubota, Kazumi

Granted Patent

US 8,166,553 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/10   specially adapted for elect...

G06Q 40/03   Credit; Loans; Processing t...

H04L 63/1416   Event detection, e.g. attac...

Method and apparatus for detecting unauthorized-access, and computer product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting unauthorized-access, and computer product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links