ANOMALY DETECTION SYSTEM, ANOMALY DETECTION METHOD, AND PROGRAM FOR THE SAME
First Claim
1. An anomaly detection system for detecting an anomaly in a network, the system comprising:
a plurality of industrial control systems (ICSs) connected to the network; and
an integrated analyzer for receiving an operating status of each ICS as monitoring data, specifying an ICS suspected of having an anomaly, and performing anomaly determination,
wherein the system comprises, in each ICS;
a receiving unit for receiving data from another ICS;
a sending unit for sending data to the other ICS, and sending the monitoring data to the integrated analyzer;
a security policy including data recording and generation rules; and
a wrapper for controlling and sending the data to the other ICS, with reference to the security policy.
Abstract
To provide an anomaly detection system, an anomaly detection method, and a program for the same, a first embodiment is an anomaly detection system for detecting an anomaly within a network. The system has a plurality of industrial control systems (hereinafter "ICSs") connected to the network; an integrated analyzer which receives the operational status of each ICS as monitoring data, identifies an ICS for which an anomaly is suspected, and performs an anomaly assessment; a receiving unit provided for each ICS which receives data from other ICSs; a transmission unit which transmits data to other ICSs and transmits the monitoring data to the integrated analyzer; a security policy which includes data recording and generation rules; and a wrapper which refers to the security policy in order to control the data and transmit it to other ICSs.
22 Citations
9 Claims
1. An anomaly detection system for detecting an anomaly in a network, the system comprising:
a plurality of industrial control systems (ICSs) connected to the network; and
an integrated analyzer for receiving an operating status of each ICS as monitoring data, specifying an ICS suspected of having an anomaly, and performing anomaly determination,
wherein the system comprises, in each ICS;
a receiving unit for receiving data from another ICS;
a sending unit for sending data to the other ICS, and sending the monitoring data to the integrated analyzer;
a security policy including data recording and generation rules; and
a wrapper for controlling and sending the data to the other ICS, with reference to the security policy.
Dependent claims: 2, 3, 4, 5, 6
7. A method for detecting an anomaly in a computer system connected via a network, the method comprising:
a plurality of industrial control systems (ICSs) connected to the network; and
an integrated analyzer for receiving an operating status of each ICS as monitoring data, specifying an ICS suspected of having an anomaly, and performing anomaly determination,
wherein the method comprises, in each ICS;
receiving data from another ICS;
sending data to the other ICS, and sending the monitoring data to the integrated analyzer;
a security policy including data recording and generation rules; and
a step of controlling and sending the data to the other ICS, with reference to the security policy.
8. A computer program for detecting an anomaly in a plurality of industrial control systems (ICSs) connected to a network, the program comprising:
an integrated analyzer for receiving an operating status of each ICS as monitoring data, specifying an ICS suspected of having an anomaly, and performing anomaly determination; and
a security policy provided in each ICS and including data recording and generation rules,
the program causing a computer of each ICS to execute;
a function of receiving data from another ICS;
a function of sending data to the other ICS, and sending the monitoring data to the integrated analyzer; and
a function of controlling and sending the data to the other ICS, with reference to the security policy.
Dependent claims: 9
Specification