Abstract:
A classification device (10) constructs tree structure data in which attribute information relating to a single communication or multiple communications serves as a terminal node, from a series of communications with a single communication destination or multiple communication destinations that take place when software is executed, calculates attribute information on a higher node on the basis of attribute information on the terminal node, and classifies the software by specifying the type of the software on the basis of attribute information on the highest node.
Abstract:
A phishing site detection device (10) extracts, from a phishing kit, a condition of access sources with which the access to a phishing site is blocked. Then, the phishing site detection device (10) accesses a phishing site constructed by the phishing kit using one or more extracted conditions of access sources, and stores an access result for each condition of access sources in an access result storage module (16). Thereafter, the phishing site detection device (10) sets a condition of access sources with which the access to the phishing site constructed by the phishing kit is blocked, accesses a website to be detected, and determines whether the website is a phishing site on the basis of the access result.
Abstract:
A detection device includes: an object data extraction unit that extracts, from one or more pieces of communication data which are transmitted from one or more electronic control units, at least part of a payload contained in communication data that satisfies a predetermined condition, information by which the communication interval between the communication data can be calculated, and a serial number of the communication data as object data; a partial sequence creation unit that creates, using the extracted object data, a partial sequence containing information corresponding to at least part of a payload and information indicating a communication interval from two or more pieces of object data with the same serial number; and a detection unit that detects, using the created partial sequence, predetermined communication data based on the order relation between at least part of a payload and the corresponding part of another payload and a communication interval. The predetermined condition is a condition for extracting only communication data which is transmitted periodically and also in conjunction with a predetermined event.
Abstract:
A classification apparatus (1) is a classification apparatus that classifies sequential data, in which input communication destinations in a plurality of communications are recorded in order of occurrence of the communications, into a class that has a similar feature, and includes a numerical vector calculation unit (14) configured to calculate numerical vectors that represent characteristics of communication destinations for each of the communication destinations, on the basis of sequential data in which the communication destinations in a plurality of communications are recorded in order of occurrence of the communications, and a classification unit (15) configured to classify the sequential data into a class that has a similar feature, on the basis of order relation of the communication destinations of the numerical vectors.
Abstract:
A data classification device (1) includes: a known data input unit (3) that receives an input of known data, the known data being data already classified into a class and a subclass subordinate to the class; a feature extraction unit (4) that extracts, from features included in the known data, a feature that causes classification of the known data belonging to the same class into a subclass using the feature to fail; and a classification unit (5) that classifies classification target data into a class using the feature extracted by the feature extraction unit (4).
Abstract:
An access classification device (10) includes a tree construction unit (13), a node association unit (14), a similarity calculation unit (15), and a classification unit (16). The tree construction unit (13) creates a plurality of trees in each of which at least a first destination and a second destination are set as nodes, content information corresponding to the nodes is added to the nodes, and an instruction to transfer a series of accesses from the first destination to the second destination is set as an edge. For the plurality of trees, the node association unit (14) associates nodes of the plurality of trees with each other, based on similarity between local structures of the trees. The similarity calculation unit (15) calculates similarity between the nodes associated with each other, based on the content information, and calculates similarity between the plurality of trees using the calculated similarity between the nodes. The classification unit (16) classifies the accesses into a set with similar features, based on the calculated similarity.
Abstract:
A level estimation apparatus (10) receives event logs of events detected by each network device or application. Then, the level estimation apparatus (10) calculates the degrees of similarity among the events, and estimates a level of a predetermined event based on the calculated degrees of similarity among the events and a level of at least one of the events. Here, in the calculation of the degrees of similarity among the events, when calculating a degree of similarity between events detected by different network devices or applications, the level estimation apparatus (10) uses a degree of similarity to a common event, which is an event that has been detected mutually by the different network devices or applications.
Abstract:
An access classifying device (10) includes a tree building unit (13), a similarity-degree calculating unit (14), and a classifying unit (16). The tree building unit (13) generates multiple trees, in which a first server and multiple second servers are nodes and commands for automatically transferring the sequence of accesses from the above-described first server to the above-described second servers are edges. The similarity-degree calculating unit (14) calculates the degree of similarity between the above-described trees in accordance with the degree of matching between partial trees included in each of the above-described trees generated. The classifying unit (16) classifies the above-described access in accordance with the above-described degree of similarity calculated.