Device, method and program for detecting unauthorized access
Abstract
An unauthorized access detection device capable of detecting, in real time, unauthorized accesses that are made through preparation. When a packet travels on a network, a key data extractor obtains the packet and extracts key data from it. Next, an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario, using the key data as the search key. A check unit determines whether the execution of the process indicated by the packet, coming after the ongoing scenario found by the ongoing scenario detector, follows an unauthorized access scenario stored in an unauthorized access scenario storage unit. A report output unit then outputs an unauthorized access report depending on the check result of the check unit.
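The extract, look up, check, update and report loop described in the abstract, as an added Python example that is not code from the patent. It assumes packets are already decoded into dicts carrying an `event` label, that the key data is the (source, destination) address pair, and that the scenario names, event labels and addresses are hypothetical, constructed values.

```python
from dataclasses import dataclass, field

# Unauthorized access scenarios: ordered steps (constructed, hypothetical event labels).
SCENARIOS = {
    "scan-then-login": ["port_probe", "service_banner_request", "admin_login"],
    "guess-then-login": ["auth_failure", "auth_failure", "admin_login"],
}

# Constructed sample traffic using documentation address ranges.
PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "event": "port_probe"},
    {"src": "192.0.2.77", "dst": "198.51.100.5", "event": "admin_login"},  # unrelated host
    {"src": "192.0.2.10", "dst": "198.51.100.5", "event": "service_banner_request"},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "event": "admin_login"},
]

@dataclass
class Detector:
    ongoing: dict = field(default_factory=dict)  # key data -> {scenario: steps matched}

    @staticmethod
    def extract_key(packet):
        # Assumption: key data is the (source, destination) address pair.
        return (packet["src"], packet["dst"])

    def process(self, packet):
        """Check one packet against the stored scenarios; return progress reports."""
        key, event = self.extract_key(packet), packet["event"]
        progress = self.ongoing.setdefault(key, {})  # retrieve ongoing scenarios by key
        reports = []
        for name, steps in SCENARIOS.items():
            done = progress.get(name, 0)
            if steps[done] != event:
                continue  # packet does not follow this scenario; state unchanged
            done += 1
            if done == len(steps):
                progress.pop(name, None)  # scenario finished; start over for this key
                status = "completed"
            else:
                progress[name] = done  # update the ongoing scenario
                status = "in_progress"
            reports.append({"key": key, "scenario": name, "status": status, "step": done})
        if not progress:
            self.ongoing.pop(key, None)  # keep no state for traffic matching nothing
        return reports

def run(packets):
    det = Detector()
    return [report for packet in packets for report in det.process(packet)]
```

An out-of-order packet leaves the stored progress unchanged; a deployed tracker would also need an expiry policy for stale ongoing scenarios, which the text above does not describe.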
11 Claims
1. An unauthorized access detection device for detecting unauthorized accesses over a network, comprising:
unauthorized access scenario storage means for storing unauthorized access scenarios each defining a procedure of processes to be executed over the network until an unauthorized access is made through preparation;
ongoing scenario storage means for storing ongoing scenarios by relating the ongoing scenarios to key data, the ongoing scenarios each indicating progress of processes executed over the network based on one of the unauthorized access scenarios, the key data differentiating processes associated with each of the ongoing scenarios from other processes;
key data extraction means for obtaining a packet traveling on the network and extracting the key data from the packet obtained;
ongoing scenario detection means for retrieving an ongoing scenario from the ongoing scenario storage means with the key data extracted by the key data extraction means as a search key;
check means for determining whether execution of a process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detection means follows one of the unauthorized access scenarios being stored in the unauthorized access scenario storage means;
ongoing scenario update means for updating the ongoing scenario being stored in the ongoing scenario storage means when a check result of the check means shows that the execution follows the one of the unauthorized access scenarios; and
report output means for outputting an unauthorized access report showing progress of processes executed based on the one of the unauthorized access scenarios, depending on the check result of the check means.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An unauthorized access detection method for detecting unauthorized accesses over a network, comprising the steps of:
obtaining a packet traveling on the network and extracting prescribed key data from the packet obtained;
retrieving an ongoing scenario from ongoing scenario storage means with the key data extracted from the packet as a search key, the ongoing scenario indicating progress of processes executed over the network based on an unauthorized access scenario, the unauthorized access scenario defining a procedure of processes to be executed over the network until an unauthorized access is made through preparation, the key data differentiating processes associated with the ongoing scenario from other processes;
checking unauthorized access scenario storage means storing the unauthorized access scenario to determine whether execution of a process indicated by the packet after the ongoing scenario retrieved follows the unauthorized access scenario;
updating the ongoing scenario being stored in the ongoing scenario storage means when a check result shows that the execution follows the unauthorized access scenario; and
outputting an unauthorized access report indicating progress of processes executed based on the unauthorized access scenario, depending on the check result.
10. An unauthorized access detection program to detect unauthorized accesses over a network, the unauthorized access detection program causing a computer to function as:
unauthorized access scenario storage means for storing unauthorized access scenarios each defining a procedure of processes to be executed over the network until an unauthorized access is made through preparations;
ongoing scenario storage means for storing ongoing scenarios by relating the ongoing scenarios to key data, the ongoing scenarios each indicating progress of processes executed over the network based on one of the unauthorized access scenarios, the key data differentiating processes associated with each of the ongoing scenarios from other processes;
key data extraction means for obtaining a packet traveling on the network and extracting the key data from the packet obtained;
ongoing scenario detection means for retrieving an ongoing scenario from the ongoing scenario storage means with the key data extracted by the key data extraction means as a search key;
check means for determining whether execution of a process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detection means follows one of the unauthorized access scenarios being stored in the unauthorized access scenario storage means;
ongoing scenario update means for updating the ongoing scenario being stored in the ongoing scenario storage means when a check result of the check means shows that the execution follows the one of the unauthorized access scenarios; and
report output means for outputting an unauthorized access report showing progress of processes executed based on the one of the unauthorized access scenarios, depending on the check result of the check means.
11. A computer-readable recording medium storing an unauthorized access detection program to detect unauthorized accesses over a network, the unauthorized access detection program causing a computer to function as:
unauthorized access scenario storage means for storing unauthorized access scenarios each defining a procedure of processes to be executed over the network until an unauthorized access is made through preparation;
ongoing scenario storage means for storing ongoing scenarios by relating the ongoing scenarios to key data, the ongoing scenarios each indicating progress of processes executed over the network based on one of the unauthorized access scenarios, the key data differentiating processes associated with each of the ongoing scenarios from other processes;
key data extraction means for obtaining a packet traveling on the network and extracting the key data from the packet obtained;
ongoing scenario detection means for retrieving an ongoing scenario from the ongoing scenario storage means with the key data extracted by the key data extraction means as a search key;
check means for determining whether execution of a process indicated by the packet after the ongoing scenario retrieved by the ongoing scenario detection means follows one of the unauthorized access scenarios being stored in the unauthorized access scenario storage means;
ongoing scenario update means for updating the ongoing scenario being stored in the ongoing scenario storage means when a check result of the check means shows that the execution follows the one of the unauthorized access scenarios; and
report output means for outputting an unauthorized access report showing progress of processes executed based on the one of the unauthorized access scenarios, depending on the check result of the check means.
Specification