Network unauthorized access analysis method, network unauthorized access analysis apparatus utilizing the method, and computer-readable recording medium having network unauthorized access analysis program recorded thereon
First Claim
1. A method for analyzing an unauthorized access on a network so constructed as to perform communication between information communication stations by using a layered protocol, the network unauthorized access analysis method comprising:
- a data collecting step for capturing a packet transmitted on the network;
a data creating step for setting parameters of layered modules according to a layered protocol based on information specified by a previously-read configuration file and filtering the packet obtained from the data collecting step by using the layered modules to reassemble the-fragmented data which is the packet into a layer previously selected from any one of the layers used in the layered protocol in order to create analysis data; and
a data analyzing step for judging whether an unauthorized access is generated in the analysis data obtained from the data creating step based on the content specified by the previously-read configuration file.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to a network unauthorized access analysis method, a network unauthorized access analysis apparatus utilizing this method and a computer-readable recording medium having a network unauthorized access analysis program recorded thereon, and is capable of processing arbitrary data, performing arbitrary communication between networks, easily dealing with an increase in a number of protocols and coping with arbitrary protocols. A network unauthorized access analysis system 50 for realizing these features analyzes an unauthorized access on a network performing communication between information communication stations by using a layered protocol and includes: a data collecting section 55 for capturing a packet PT transmitted on a network 3; a data creating section 56 for creating analysis data DT by setting parameters of layered modules according to a layered protocol based on information of a previously-read configuration file and processing the packet from the data collecting section by the layered modules; and a data analyzing section 57 for judging whether an unauthorized access is generated in the analysis data DT based on the content described in that file.
81 Citations
24 Claims
-
1. A method for analyzing an unauthorized access on a network so constructed as to perform communication between information communication stations by using a layered protocol, the network unauthorized access analysis method comprising:
- a data collecting step for capturing a packet transmitted on the network;
a data creating step for setting parameters of layered modules according to a layered protocol based on information specified by a previously-read configuration file and filtering the packet obtained from the data collecting step by using the layered modules to reassemble the-fragmented data which is the packet into a layer previously selected from any one of the layers used in the layered protocol in order to create analysis data; and
a data analyzing step for judging whether an unauthorized access is generated in the analysis data obtained from the data creating step based on the content specified by the previously-read configuration file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- a data collecting step for capturing a packet transmitted on the network;
-
9. An apparatus for analyzing an unauthorized access on a network so constructed as to perform communication between information communication stations by using a layered protocol, the network unauthorized access analysis apparatus comprising:
- a data collecting section for capturing a packet transmitted on the network;
a data creating section for setting parameters of layered modules according to a layered protocol based on information specified by a previously-read configuration file and filtering the packet obtained from the data collecting section by using the layered modules to reassemble the fragmented data which is the packet into a layer previously selected from any one of the layers used in the layered protocol in order to create analysis data; and
a data analyzing section for judging whether an unauthorized access is generated in the analysis data obtained from the data creating section based on the content specified by the previously-read configuration file. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- a data collecting section for capturing a packet transmitted on the network;
-
17. A computer-readable recording medium having a program recorded thereon for causing a computer to execute:
- a data collecting procedure for capturing a packet transmitted on a network so constructed as to perform communication between information communication stations by using a layered protocol;
a data creating procedure for setting parameters of layered modules according to a layered protocol based on information specified by a previously-read configuration file and filtering the packet obtained from the data collecting procedure by using the layered modules to reassemble the fragmented data which is the packet into a layer previously selected from any one of the layers used in the layered protocol in order to create analysis data; and
a data analyzing procedure for judging whether an unauthorized access is generated in the analysis data obtained from the data creating procedure based on the content specified by the previously-read configuration file. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- a data collecting procedure for capturing a packet transmitted on a network so constructed as to perform communication between information communication stations by using a layered protocol;
Specification