EFFECTIVE DETECTION OF A COMMUNICATION APPARATUS PERFORMING AN ABNORMAL COMMUNICATION
Abstract
An apparatus extracts a server process from a communication in a network to generate log data in which a combination of addresses of access sources in the server process is recorded, and compares a combination of past addresses recorded in the log data with a combination of addresses in a specific target access to identify a first communication apparatus performing an abnormal communication.
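The comparison described in the abstract, sketched as an added example (not code from the patent). Two points are assumptions because the text above does not fix them: a server process is identified by its (destination address, destination port) pair, and a source address absent from a server process's past combination is treated as the abnormal one. The flow records are constructed sample data.

```python
from collections import defaultdict

# Constructed flow records: (source address, destination address, destination port).
PAST_FLOWS = [
    ("10.0.0.11", "10.0.1.5", 445),
    ("10.0.0.12", "10.0.1.5", 445),
    ("10.0.0.11", "10.0.1.9", 5432),
    ("10.0.0.13", "10.0.1.9", 5432),
]
TARGET_FLOWS = [
    ("10.0.0.11", "10.0.1.5", 445),   # source already in the past combination
    ("10.0.0.13", "10.0.1.5", 445),   # known host, but new for this server process
    ("10.0.0.12", "10.0.1.7", 22),    # server process with no past record
]


def build_log(flows):
    """Log data: per server process, the combination (set) of access-source addresses.

    Assumption: a server process is keyed by (destination address, destination port).
    """
    log = defaultdict(set)
    for src, dst, dport in flows:
        log[(dst, dport)].add(src)
    return dict(log)


def compare(past_log, target_flows):
    """Compare past combinations with the combinations seen in the target access.

    Assumed rule: a source missing from a server process's past combination is
    abnormal. A server process with no past record cannot be compared, so it is
    reported separately instead of flagging every one of its sources.
    """
    target_log = build_log(target_flows)
    abnormal, unprofiled = {}, []
    for proc in sorted(target_log):
        if proc not in past_log:
            unprofiled.append(proc)
            continue
        new_sources = target_log[proc] - past_log[proc]
        if new_sources:
            abnormal[proc] = sorted(new_sources)
    return abnormal, unprofiled


if __name__ == "__main__":
    print(compare(build_log(PAST_FLOWS), TARGET_FLOWS))
```

Keeping the log per server process rather than per host is what lets 10.0.0.13 be flagged on port 445 even though it is a routine client of the database service.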
12 Claims
1. A network monitoring device comprising:
- a memory; and
- a processor coupled to the memory and configured to:
  - extract a server process from a communication in a network to generate log data in which a combination of addresses of access sources in the server process is recorded, and
  - compare a combination of past addresses recorded in the log data with a combination of addresses in a specific target access to identify a first communication apparatus performing an abnormal communication.

Dependent claims: 2, 3

4. A network monitoring method comprising:
- extracting a server process from a communication in a network to generate log data in which a combination of addresses of access sources in the server process is recorded; and
- comparing a combination of past addresses recorded in the log data with a combination of addresses in a specific target access to identify a first communication apparatus performing an abnormal communication.

Dependent claims: 5, 6

7. A network monitoring method comprising:
- monitoring communications within a network;
- identifying a source address and a destination address for each of the communications;
- aggregating server process addresses and groups of addresses based on the source address and the destination address for each of the communications;
- generating a profile database based on the aggregating;
- identifying a server as an intruder server, using the profile database; and
- registering the intruder server in an intruder list.

Dependent claims: 8, 9, 10, 11, 12

Specification