ABNORMAL TRAFFIC DETECTION APPARATUS, ABNORMAL TRAFFIC DETECTION METHOD AND ABNORMAL TRAFFIC DETECTION PROGRAM

1. An abnormal traffic detection apparatus that, when traffics are transmitted and received between communication apparatuses connected to the Internet via a switch, monitors traffics passing through the switch and uses traffic information on the monitored traffics to detect abnormal traffics toward the communication apparatus, comprising:

• an amount information storing unit configured to store amount information on an amount of traffics as an amount information table, the amount information table corresponding to each communication apparatus that is a destination of the traffics, the amount information being included in the traffic information;
  
  a storage controlling unit configured to identify a router, which connects the communication apparatus as the destination of the traffics and the switch, and a destination IP address of the traffics on the basis of the traffic information, the storage controlling unit configured to register, when the identified destination IP address is a new destination IP address not stored in the amount information table, the new destination IP address in the amount information table and then store the amount information in the amount information table, which corresponds to the identified communication apparatus, the storage controlling unit configured to store, when the identified destination IP address is a destination IP address already stored in the amount information table, the amount information in the amount information table, which corresponds to the identified communication apparatus; and
  
  an abnormal traffic judging unit that judges, for each of the communication apparatuses or each of the routers, whether the traffic amount flowing through the switch is abnormal on the basis of the amount information stored in the amount information table.