CYBER ATTACK EVALUATION METHOD AND CYBER ATTACK EVALUATION DEVICE
First Claim
1. A cyber attack evaluation method comprising:
transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;
transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and
outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.
Abstract
A cyber attack evaluation method includes transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses, transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses, and outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.
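The two-inquiry flow in the abstract, as an added example that is not taken from the patent: both management servers are modelled as in-memory lookups, and the function names, status labels and sample records are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data standing in for the two management servers.
CURRENT_ASSOCIATIONS = {
    "active.example": ["203.0.113.10"],
    "moved.example": ["198.51.100.7"],
}
ANSWER_HISTORY = {  # domain -> [(ip, first_seen, last_seen)]
    "active.example": [("203.0.113.10", date(2024, 1, 5), date(2024, 3, 1))],
    "moved.example": [("203.0.113.99", date(2023, 6, 1), date(2023, 9, 1))],
    "retired.example": [("192.0.2.44", date(2022, 2, 1), date(2022, 4, 1))],
}

def query_first_server(domain):
    """First inquiry: is an IP address currently stored for this domain?"""
    return list(CURRENT_ASSOCIATIONS.get(domain, []))

def query_second_server(domain):
    """Second inquiry: answers the first server was observed giving in the past."""
    return list(ANSWER_HISTORY.get(domain, []))

def diagnose(domain):
    """Combine both answers into a result; the status labels are assumptions."""
    current = set(query_first_server(domain))
    history = query_second_server(domain)
    seen = {ip for ip, _first, _last in history}
    if current and current <= seen:
        status = "active-known-address"          # still resolves to a recorded IP
    elif current and seen:
        status = "active-address-changed"        # resolves, but to an unrecorded IP
    elif current:
        status = "active-no-history"             # resolves, nothing recorded
    elif seen:
        status = "inactive-previously-resolved"  # no current answer, past answers exist
    else:
        status = "never-observed"                # neither server knows the domain
    return {
        "domain": domain,
        "status": status,
        "current_ips": sorted(current),
        "historical_ips": sorted(seen),
        "last_seen": max((last for _ip, _first, last in history), default=None),
    }

if __name__ == "__main__":
    for name in ("active.example", "moved.example", "retired.example", "new.example"):
        print(diagnose(name))
```

In a deployment the two lookup functions would be replaced by real inquiries to the respective servers; only `diagnose` depends on both answers.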
11 Claims
1. A cyber attack evaluation method comprising:
transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;
transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and
outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.
Dependent claims: 2, 3, 4, 5
6. A cyber attack evaluation device comprising:
a memory; and
a processor coupled to the memory and the processor configured to:
transmit, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses,
transmit another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses, and
perform, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, output of a result of diagnosing threat content of a cyber attack related to the first domain information.
Dependent claims: 7, 8, 9, 10
11. A non-transitory computer-readable medium storing instructions executable by one or more computers, the instructions comprising:
one or more instructions for transmitting, based on first domain information included in cyber attack information, an inquiry about whether a first IP address associated with the first domain information is stored to a first management server configured to store associations between domain information and IP addresses;
one or more instructions for transmitting another inquiry about a first answer history related to the first domain information to a second management server configured to store answer histories of the first management server by monitoring communication of the first management server, the answer histories being related to the associations between the domain information and the IP addresses; and
one or more instructions for outputting, based on an answer of the inquiry acquired from the first management server and the first answer history acquired from the second management server, a result of diagnosing threat content of a cyber attack related to the first domain information.
Specification