Network security apparatus, network security control method and network security system
First Claim
1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method;
a learning unit for creating the judgment reference information from the telecommunication information;
a first port for importing first telecommunication information currently from the network;
a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and
a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising: an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method; a learning unit for creating the judgment reference information from the telecommunication information; a first port for importing first telecommunication information currently from the network; a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.
107 Citations
11 Claims
-
1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
-
an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method;
a learning unit for creating the judgment reference information from the telecommunication information;
a first port for importing first telecommunication information currently from the network;
a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and
a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A control method for use in a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
-
a first process for accumulating second telecommunication information which flowed through the network historically;
a second process for inputting first telecommunication information currently flowing through the network and the second telecommunication information in parallel; and
a third process for learning, from the first and/or second telecommunication information, judgment reference information used for an abnormality judgment which judges a presence or absence of an abnormality of the first telecommunication information by using a statistical method. - View Dependent Claims (9, 10)
-
-
11. A network security system, including:
-
a network security apparatus comprising a first port, being connected to a network as the subject of monitoring, for importing first telecommunication information currently flowing through the network, a second port for importing second telecommunication information of the network historically which is accumulated in a telecommunication information accumulation apparatus, and a learning unit for learning judgment reference information used for an abnormality judgment which judges a presence or absence of an abnormality of the telecommunication information by using a statistical method; and
a replay rate control apparatus, existing between the network security apparatus and the telecommunication information accumulation apparatus, for controlling a replay rate of the second telecommunication information from the telecommunication information accumulation apparatus to the network security apparatus.
-
Specification