CYBER ATTACK EVALUATION METHOD AND CYBER ATTACK EVALUATION DEVICE

US 20200137095A1
Filed: 10/18/2019
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Grant

First Claim

Patent Images

1. A cyber attack evaluation method comprising:

transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;

transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and

outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cyber attack evaluation method includes transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses, transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses, and outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.

0 Citations

11 Claims

1. A cyber attack evaluation method comprising:
- transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;
  
  transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and
  
  outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The cyber attack evaluation method according to claim 1, whereinthe outputting includes outputting a usage period during which the first IP address associated with the first domain information is used for the cyber attack when the answer indicates that the first IP address is stored, andthe usage period is determined based on the first answer history.
  - 3. The cyber attack evaluation method according to claim 2, whereinthe outputting includes determining the usage period based on one or more existence periods of one or more IP addresses associated with the first domain information according to the first answer history.
  - 4. The cyber attack evaluation method according to claim 3, whereinthe determining is executed based on a ratio of a number of IP addresses that are included in the one or more IP addresses and of which existence periods are shorter than a threshold with respect to a number of the one or more IP addresses.
  - 5. The cyber attack evaluation method according to claim 1, whereinthe outputting includes outputting a validity degree of the cyber attack related to the first domain information based on a result of comparing an oldest date included in the first answer history with a current date.

6. A cyber attack evaluation device comprising:
- a memory; and
  
  a processor coupled to the memory and the processor configured to;
  
  transmit, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses,transmit another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses, andperform, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, output of a result of diagnosing threat content of a cyber attack related to the first domain information.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The cyber attack evaluation device according to claim 6, whereinthe output includes outputting a usage period during which the first IP address associated with the first domain information is used for the cyber attack when the answer indicates that the first IP address is stored, andthe usage period is determined based on the first answer history.
  - 8. The cyber attack evaluation device according to claim 7, whereinthe output includes determining the usage period based on one or more existence periods of one or more IP addresses associated with the first domain information according to the first answer history.
  - 9. The cyber attack evaluation device according to claim 8, whereinthe determining is executed based on a ratio of a number of IP addresses that are included in the one or more IP addresses and of which existence periods are shorter than a threshold with respect to a number of the one or more IP addresses.
  - 10. The cyber attack evaluation device according to claim 6, whereinthe output includes outputting a validity degree of the cyber attack related to the first domain information based on a result of comparing an oldest date included in the first answer history with a current date.

11. A non-transitory computer-readable medium storing instructions executable by one or more computers, the instructions comprising:
- one or more instructions for transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;
  
  one or more instructions for transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and
  
  one or more instructions for outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
TANIGUCHI, Tsuyoshi

Granted Patent

US 11,290,474 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

H04L 61/4511   using domain name system [DNS]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

CYBER ATTACK EVALUATION METHOD AND CYBER ATTACK EVALUATION DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

CYBER ATTACK EVALUATION METHOD AND CYBER ATTACK EVALUATION DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links