INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM
Abstract
An attack activity definition information database 111 stores, for a plurality of events, attack activity definition information describing an event, a precondition, and an achieved phenomenon. The event is observed by an information system when an attack against the information system is underway. The precondition is a prerequisite condition for the event to be observed. The achieved phenomenon is a phenomenon of the time after the event is observed. An event receiving part 108 receives observed event notice information notifying an observed event which is observed by the information system. An attack activity predicting part 105 acquires an achieved phenomenon from the attack activity definition information describing the observed event notified by the observed event notice information, and extracts an event that is predicted to be observed by the information system, based on the attack activity definition information describing a precondition corresponding to the acquired achieved phenomenon of the observed event.
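The lookup the abstract describes, as an added example that is not part of the patent text: each definition holds an event, a precondition and an achieved phenomenon, and an observed event predicts every event whose precondition equals its achieved phenomenon. The event and stage names are constructed for illustration, and `predict_chain` goes beyond the abstract by repeating the same lookup over several steps.

```python
from collections import namedtuple

# Constructed sample definitions; event and stage names are illustrative only.
Definition = namedtuple("Definition", "event precondition achieved")

DEFINITIONS = [
    Definition("port_scan_detected", "attacker_on_network", "service_inventory_known"),
    Definition("login_failures_burst", "service_inventory_known", "account_compromised"),
    Definition("vuln_probe_detected", "service_inventory_known", "host_compromised"),
    Definition("anomalous_admin_logon", "account_compromised", "host_compromised"),
    Definition("large_outbound_transfer", "host_compromised", "data_exfiltrated"),
]


def predict_next(observed_event, definitions=DEFINITIONS):
    """One step, as in the abstract: take the achieved phenomenon of the
    observed event and return events whose precondition matches it."""
    achieved = {d.achieved for d in definitions if d.event == observed_event}
    return sorted({d.event for d in definitions if d.precondition in achieved})


def predict_chain(observed_event, depth, definitions=DEFINITIONS):
    """Added generalization: repeat the lookup up to `depth` steps and
    return {predicted_event: step at which it is first predicted}."""
    seen = {observed_event: 0}
    frontier = [observed_event]
    for step in range(1, depth + 1):
        next_frontier = []
        for event in frontier:
            for candidate in predict_next(event, definitions):
                if candidate not in seen:  # guards against cyclic definitions
                    seen[candidate] = step
                    next_frontier.append(candidate)
        frontier = next_frontier
    del seen[observed_event]
    return seen


if __name__ == "__main__":
    print(predict_next("port_scan_detected"))
    print(predict_chain("port_scan_detected", depth=3))
```

An event with no stored definition yields an empty prediction, which a monitoring pipeline can treat as "no known follow-on activity" rather than as an error.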
18 Claims
1. An information processing apparatus comprising:
- processing circuitry to store, for a plurality of events, event stage information describing an event, a pre-event stage, and a post-event stage, the event being observed by an information system when an attack against the information system is underway, the pre-event stage being a stage of a progress of an attack before the event is observed, the post-event stage being a stage of a progress of an attack after the event is observed;
to receive observed event notice information notifying an observed event which is observed by the information system; and
to search for event stage information describing the observed event notified by the observed event notice information, to acquire a post-event stage of the observed event from the event stage information searched for, to search for event stage information describing a pre-event stage corresponding to the acquired post-event stage of the observed event, and to extract an event predicted to be observed by the information system, based on the event stage information searched for, as an observation predicted event.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
17. An information processing method performed by a computer that stores, for a plurality of events, event stage information describing an event, a pre-event stage, and a post-event stage, the event being observed by an information system when an attack against the information system is underway, the pre-event stage being a stage of a progress of an attack before the event is observed, the post-event stage being a stage of a progress of an attack after the event is observed, the information processing method comprising:
- receiving observed event notice information notifying an observed event which is observed by the information system; and
- searching for event stage information describing the observed event notified by the observed event notice information, acquiring a post-event stage of the observed event from the event stage information searched for, searching for event stage information describing a pre-event stage corresponding to the acquired post-event stage of the observed event, and extracting an event predicted to be observed by the information system, based on the event stage information searched for, as an observation predicted event.
18. A program to cause a computer that stores, for a plurality of events, event stage information describing an event, a pre-event stage, and a post-event stage, the event being observed by an information system when an attack against the information system is underway, the pre-event stage being a stage of a progress of an attack before the event is observed, the post-event stage being a stage of a progress of an attack after the event is observed, to execute:
- receiving observed event notice information notifying an observed event which is observed by the information system; and
- searching for event stage information describing the observed event notified by the observed event notice information, acquiring a post-event stage of the observed event from the event stage information searched for, searching for event stage information describing a pre-event stage corresponding to the acquired post-event stage of the observed event, and extracting an event predicted to be observed by the information system, based on the event stage information searched for, as an observation predicted event.
Specification