INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE MEDIUM
Abstract
A receiving unit (111) receives log information of a data communication that has occurred in a data processing system (106), as communication log information. An attacked terminal log information identification unit (113) retrieves, from among a plurality of pieces of processing log information being log information of data processing performed in the data processing system (106), processing log information of data processing related to the data communication, based on the communication log information. A terminal log information falsification detection unit (114) determines that processing log information being at least a part of the plurality of pieces of processing log information is falsified when the corresponding processing log information is not retrieved by the attacked terminal log information identification unit (113).
22 Claims
1-14. (canceled)
15. An information processing apparatus comprising:
processing circuitry to receive, with respect to an attack data communication to attack a data processing system including a plurality of devices, as attack communication log information, communication log information indicating an association between a communication time of the attack data communication, an attack step indicating a progress degree of an attack, and an attack-involved device being one of the plurality of devices in the data processing system and having been involved in the attack data communication, to search processing log information indicating, with respect to each of a plurality of pieces of data processing performed by the plurality of devices, an association between a processing time of each of the plurality of pieces of data processing, a data processing device being one of the plurality of devices in the data processing system and having performed the data processing, and a user of the data processing device, to obtain a retrieval result indicating an association of the attack step and the user associated with the data processing whose processing time matches the communication time within an allowable error range and whose data processing device is the same as the attack-involved device, the data processing being related to the attack data communication, and to analyze the association between the attack step and the user indicated in the retrieval result, to identify an attack user who has performed the attack data communication.
21. An information processing method comprising:
receiving, with respect to an attack data communication to attack a data processing system including a plurality of devices, as attack communication log information, communication log information indicating an association between a communication time of the attack data communication, an attack step indicating a progress degree of an attack, and an attack-involved device being one of the plurality of devices in the data processing system and having been involved in the attack data communication; searching processing log information indicating, with respect to each of a plurality of pieces of data processing performed by the plurality of devices, an association between a processing time of each of the plurality of pieces of data processing, a data processing device being one of the plurality of devices in the data processing system and having performed the data processing, and a user of the data processing device, to obtain a retrieval result indicating an association of the attack step and the user associated with the data processing whose processing time matches the communication time within an allowable error range and whose data processing device is the same as the attack-involved device, the data processing being related to the attack data communication; and analyzing the association between the attack step and the user indicated in the retrieval result to identify an attack user who has performed the attack data communication.
22. A non-transitory computer readable medium storing a program to cause a computer to execute:
receiving, with respect to an attack data communication to attack a data processing system including a plurality of devices, as attack communication log information, communication log information indicating an association between a communication time of the attack data communication, an attack step indicating a progress degree of an attack, and an attack-involved device being one of the plurality of devices in the data processing system and having been involved in the attack data communication; searching processing log information indicating, with respect to each of a plurality of pieces of data processing performed by the plurality of devices, an association between a processing time of each of the plurality of pieces of data processing, a data processing device being one of the plurality of devices in the data processing system and having performed the data processing, and a user of the data processing device, to obtain a retrieval result indicating an association of the attack step and the user associated with the data processing whose processing time matches the communication time within an allowable error range and whose data processing device is the same as the attack-involved device, the data processing being related to the attack data communication; and analyzing the association between the attack step and the user indicated in the retrieval result to identify an attack user who has performed the attack data communication.
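The correlation recited in claims 15, 21 and 22, together with the falsification check from the abstract, can be sketched as follows. This is an added example, not code from the patent: the tuple layout, the 5-second allowable error, the sample records and the "most distinct attack steps" ranking used to pick the attack user are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the patent); field layout is an assumption.
# Communication log: (communication time, attack step, attack-involved device)
COMM_LOG = [
    ("2024-05-01T10:00:05", 1, "pc-07"),
    ("2024-05-01T10:12:40", 2, "pc-07"),
    ("2024-05-01T10:30:00", 3, "srv-02"),
    ("2024-05-01T10:45:10", 4, "srv-02"),
]
# Processing log: (processing time, data processing device, user)
PROC_LOG = [
    ("2024-05-01T10:00:03", "pc-07", "alice"),
    ("2024-05-01T10:00:06", "pc-11", "bob"),     # right time, wrong device
    ("2024-05-01T10:12:42", "pc-07", "alice"),
    ("2024-05-01T10:20:00", "srv-02", "carol"),  # right device, outside window
    ("2024-05-01T10:30:01", "srv-02", "alice"),
    # no srv-02 record near 10:45:10: the matching entry is absent
]

def correlate(comm_log, proc_log, tolerance=timedelta(seconds=5)):
    """Return ([(attack_step, user)], [comm entries with no processing record])."""
    proc = [(datetime.fromisoformat(t), dev, user) for t, dev, user in proc_log]
    matches, unmatched = [], []
    for t, step, device in comm_log:
        ct = datetime.fromisoformat(t)
        # Same device AND processing time within the allowable error range.
        users = sorted({u for pt, dev, u in proc
                        if dev == device and abs(pt - ct) <= tolerance})
        if users:
            matches.extend((step, u) for u in users)
        else:
            # Abstract: no retrievable record means the log may be falsified.
            unmatched.append((t, step, device))
    return matches, unmatched

def identify_attack_user(matches):
    """Assumed analysis: the user tied to the most distinct attack steps."""
    steps = defaultdict(set)
    for step, user in matches:
        steps[user].add(step)
    ranked = sorted(steps.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return ranked[0][0] if ranked else None

if __name__ == "__main__":
    matches, unmatched = correlate(COMM_LOG, PROC_LOG)
    print("step/user associations:", matches)
    print("possible log falsification:", unmatched)
    print("attack user candidate:", identify_attack_user(matches))
```

The allowable error range has to cover clock skew between the network sensor and the terminals; too wide a window pulls in unrelated users, too narrow a window reports intact logs as falsified.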
Specification