Method and apparatus for detecting unauthorized-access, and computer product
First Claim
Patent Images
1. An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network, the unauthorized-access detecting apparatus comprising:
- a storing unit that stores an unauthorized-access event string including a series of process requests made by an unauthorized user in past times, and a transition probability and a time interval between two consecutive process requests included in the unauthorized-access event string;
a receiving unit that receives a process request from a user; and
a judging unit that judges whether an unauthorized access occurs or not by comparing the unauthorized-access event string stored in the storing unit with an event string including a series of process requests received by the receiving unit, and, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, estimates an occurrence time of the unauthorized access by adding time intervals between process requests included in the unauthorized-access event string and estimates a probability of an occurrence of the unauthorized access by multiplying transition probabilities between process requests included in the unauthorized-access event string.
1 Assignment
0 Petitions
Accused Products
Abstract
An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network includes a storing unit that stores a series of process request, which is made by an unauthorized user via an unauthorized client, as an unauthorized-access event string; and a judging unit that compares a new process request with the unauthorized-access event string stored in the storing unit, and judges whether the process request is the unauthorized access based on a result of comparison.
-
Citations
21 Claims
-
1. An unauthorized-access detecting apparatus that detects unauthorized access to a server that provides a service via a network, the unauthorized-access detecting apparatus comprising:
-
a storing unit that stores an unauthorized-access event string including a series of process requests made by an unauthorized user in past times, and a transition probability and a time interval between two consecutive process requests included in the unauthorized-access event string; a receiving unit that receives a process request from a user; and a judging unit that judges whether an unauthorized access occurs or not by comparing the unauthorized-access event string stored in the storing unit with an event string including a series of process requests received by the receiving unit, and, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, estimates an occurrence time of the unauthorized access by adding time intervals between process requests included in the unauthorized-access event string and estimates a probability of an occurrence of the unauthorized access by multiplying transition probabilities between process requests included in the unauthorized-access event string. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An unauthorized-access detecting method comprising:
-
storing an unauthorized-access event string including a series of process requests made by an unauthorized user in past times, and a transition probability and a time interval between two consecutive process requests included in the unauthorized-access event string; receiving a process request from a user; judging whether an unauthorized access occurs or not by comparing the unauthorized-access event string stored, with an event string including a series of process requests received from the user; estimating, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, a probability of an occurrence of the unauthorized access by multiplying a plurality of transition probabilities between process requests included in the unauthorized-access event string; and estimating, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, an occurrence time of the unauthorized access by adding together a plurality of time intervals between process requests included in the unauthorized-access event string. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable recording medium that stores a computer program for detecting an unauthorized-access, the computer program makes the computer execute:
- storing an unauthorized-access event string including a series of process requests made by an unauthorized user in past times, and a transition probability and a time interval between two consecutive process requests included in the unauthorized-access event string;
receiving a process request from a user;
judging whether an unauthorized access occurs or not by comparing the unauthorized-access event string stored, with an event string including a series of process requests received from the user;
estimating, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, a probability of an occurrence of the unauthorized access by multiplying a plurality of transition probabilities between process requests included in the unauthorized-access event string; and
estimating, when it is determined that the event string matches with at least a portion of the unauthorized-access event string, an occurrence time of the unauthorized access by adding together a plurality of time intervals between process requests included in the unauthorized-access event string. - View Dependent Claims (16, 17, 18, 19, 20, 21)
- storing an unauthorized-access event string including a series of process requests made by an unauthorized user in past times, and a transition probability and a time interval between two consecutive process requests included in the unauthorized-access event string;
Specification