Network security apparatus, network security control method and network security system
First Claim
1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
- a first port connected to the network, to import first telecommunication information currently from the network;
a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and
a processor configuredto judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method,to create and update the judgment reference information by learning the presence or absence of the abnormality,to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high,to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is lowto synchronize the operation of the second telecommunication information with the changed replay rate,to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising: an anomaly judgment unit for judging a presence or absence of an abnormality of the telecommunication information based on judgment reference information by using a statistical method; a learning unit for creating the judgment reference information from the telecommunication information; a first port for importing first telecommunication information currently from the network; a second port for importing second telecommunication information accumulated by a telecommunication information accumulation apparatus historically; and a telecommunication information allocation unit for allocating the first and second telecommunication information taken in respectively from the first and second ports to the anomaly judgment unit and the learning unit, wherein the learning unit creates the judgment reference information by learning the first and/or second telecommunication information.
11 Citations
10 Claims
-
1. A network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
-
a first port connected to the network, to import first telecommunication information currently from the network; a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and a processor configured to judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method, to create and update the judgment reference information by learning the presence or absence of the abnormality, to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high, to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low to synchronize the operation of the second telecommunication information with the changed replay rate, to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A control method for use in a network security apparatus for monitoring telecommunication information flowing through a network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, comprising:
-
accumulating second telecommunication information which flowed through the network historically in a telecommunication information accumulation apparatus; inputting first telecommunication information currently flowing through the network from a first port and the second telecommunication information from a second port in parallel; judging a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information; creating and updating the judgment reference information by learning an illegitimate intrusion pattern judged by the judging; decreasing a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high; increasing the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low; and synchronizing the operation of the second telecommunication information with the changed replay rate, wherein the network security apparatus includes the first port connected to the network, and the second port connected to the telecommunication information accumulation apparatus, and wherein the control method further comprises; allocating the first and second telecommunication information taken in respectively from the first and second ports, and categorizing the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information. - View Dependent Claims (7, 8)
-
-
9. A network security system, including:
a network security apparatus comprising; a first port connected to a network as the subject of monitoring, to import first telecommunication information currently flowing through the network; a second port to import second telecommunication information of the network historically which is accumulated in a telecommunication information accumulation apparatus; a processor configured to judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method, to create and update the judgment reference information by learning the presence or absence of the abnormality; to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, and to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information; and a replay rate control apparatus, existing between the network security apparatus and the telecommunication information accumulation apparatus, to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high; to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low; and
to synchronize the operation of the second telecommunication information with the changed replay rate.
-
10. A method comprising:
-
using a network monitored by a network security apparatus for monitoring telecommunication information flowing through the network and carrying out detection of, and/or protection from, an illegitimate intrusion to the network, wherein the network security apparatus comprises; a first port connected to the network, to import first telecommunication information currently from the network; a second port connected to a telecommunication information accumulation apparatus, to import second telecommunication information accumulated by the telecommunication information accumulation apparatus historically; and a processor configured to judge a presence or absence of an abnormality of the first and the second telecommunication information based on judgment reference information by using a statistical method, to create and update the judgment reference information by learning the presence or absence of the abnormality, to decrease a replay rate, which represents an input speed of the second telecommunication information in the telecommunication information accumulation apparatus to the second port, when a magnitude of a processing load at the network security apparatus is high, to increase the replay rate for allocating a spare resource of the network security apparatus to learning the second telecommunication information when the magnitude of the processing load is low, to synchronize the operation of the second telecommunication information with the changed replay rate, to allocate the first and second telecommunication information taken in respectively from the first and second ports to the processor, and to categorize the first and second telecommunication information into a time independent item and a time dependent item, simply to multiplex the time independent item included in the first and second telecommunication information, and to make the time dependent item of the second telecommunication information conform to a processing speed of the time dependent item of the first telecommunication information based on timing information at the time of picking up the second telecommunication information.
-
Specification