公开(公告)号：US07564837B2

公开(公告)日：2009-07-21

申请号：US11364002

申请日：2006-03-01

申请人： Masahiro Komura ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masashi Mitomo ,  Bintatsu Noda ,  Satoru Torii

发明人： Masahiro Komura ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masashi Mitomo ,  Bintatsu Noda ,  Satoru Torii

IPC分类号： H04L12/66

CPC分类号： H04L63/145

摘要： A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

摘要翻译： 记录网络关闭控制程序的记录介质，允许采取适当的预防措施。 检测器监视要管理的每个网段，并且在检测到满足预定条件的通信时，检测器生成检测通知，并将该通知发送到隔离管理器。 在获取由本地设备的检测器产生的检测通知或由远程网络关闭设备生成的检测通知时，隔离管理器根据存储在隔离策略存储器中的隔离策略生成关闭操作请求，并将请求发送到 通信关闭单元。 根据关机操作请求，通信关机单元设置识别关机目标的关闭数据，并控制要从网段输入和输出的分组，使得分组可以被切断或通过。

公开(公告)号：US20070101404A1

公开(公告)日：2007-05-03

申请号：US11368429

申请日：2006-03-07

申请人： Yoshiki Higashikado ,  Masashi Mitomo ,  Masahiro Komura ,  Bintatsu Noda ,  Kazumasa Omote ,  Satoru Torii

发明人： Yoshiki Higashikado ,  Masashi Mitomo ,  Masahiro Komura ,  Bintatsu Noda ,  Kazumasa Omote ,  Satoru Torii

IPC分类号： H04L9/32

CPC分类号： H04L29/12924 ,  H04L29/12584 ,  H04L61/2596 ,  H04L61/6063 ,  H04L63/0236

摘要： In a network relay device, unauthorized access from an internal computer to an external network is detected, an unauthorized destination service port used for the unauthorized access is specified, and a substitute port is allocated. A service relay unit and the internal computer are instructed to use the substitute port instead of the unauthorized destination service port, and an unauthorized access notification is sent. Mutual conversion of the unauthorized destination service port and a substitute service port is carried out, to relay a packet between an internal network and the external network.

摘要翻译： 在网络中继装置中，检测到从内部计算机到外部网络的未经授权的访问，指定用于未经授权的访问的未经授权的目的地服务端口，并且分配替代端口。 指示服务中继单元和内部计算机使用替代端口而不是未经授权的目的地服务端口，并发送未经授权的访问通知。 执行未经授权的目的地业务端口和替代业务端口的相互转换，以在内部网络与外部网络之间转发数据包。

公开(公告)号：US20060291469A1

公开(公告)日：2006-12-28

申请号：US11348335

申请日：2006-02-07

申请人： Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Masashi Mitomo ,  Satoru Torii

发明人： Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Masashi Mitomo ,  Satoru Torii

IPC分类号： H04L12/56

CPC分类号： H04L63/1408 ,  H04L63/145

摘要： A computer-readable recording medium recording a worm detection program which is preferably usable for a large-scale network and is capable of detecting worm communication with little information. A worm detection device which runs this program has a switching hub function, and comprises five physical ports that are network interfaces, a communication acquisition section, and a worm detector, for example. The communication acquisition section acquires ICMP type3 (destination unreachable message) packets going out of the physical ports. The worm detector determines whether the packet communication is worm communication, based on information on the ICMP type3 packets obtained for each source MAC address by the communication acquisition section and worm criteria set for determining whether communication is worm communication.

摘要翻译： 记录蠕虫检测程序的计算机可读记录介质，其优选地可用于大规模网络，并且能够检测到具有很少信息的蠕虫通信。 运行该程序的蠕虫检测装置具有交换集线器功能，例如包括作为网络接口的五个物理端口，通信采集部分和蠕虫检测器。 通信获取部分获取离开物理端口的ICMP类型3（目的地不可达消息）。 蠕虫检测器基于通过通信获取部分针对每个源MAC地址获得的ICMP类型3分组的信息和用于确定通信是否是蠕虫通信的蠕虫标准来确定分组通信是否是蠕虫通信。

公开(公告)号：US08307445B2

公开(公告)日：2012-11-06

申请号：US12168281

申请日：2008-07-07

申请人： Bintatsu Noda ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Masashi Mitomo ,  Satoru Torii

发明人： Bintatsu Noda ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Masashi Mitomo ,  Satoru Torii

IPC分类号： H04L29/06

CPC分类号： H04L63/1408 ,  G06F21/50

摘要： An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

摘要翻译： 防蠕虫程序允许计算机执行怀疑为蠕虫通信的通信的控制，所述程序允许计算机执行：通信信息获取步骤，获取作为来自目标源的通信的信息的通信信息; 以及通信控制步骤，具有控制量计算公式，用于使用所述通信信息从目标源计算通信的控制量，并且基于使用所述控制量计算获得的通信控制量来执行来自所述目标源的通信的控制 式。

公开(公告)号：US20080271148A1

公开(公告)日：2008-10-30

申请号：US12168281

申请日：2008-07-07

申请人： Bintatsu NODA ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Masashi Mitomo ,  Satoru Torii

发明人： Bintatsu NODA ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Masashi Mitomo ,  Satoru Torii

IPC分类号： G06F21/00

CPC分类号： H04L63/1408 ,  G06F21/50

摘要： An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

摘要翻译： 防蠕虫程序允许计算机执行怀疑为蠕虫通信的通信的控制，所述程序允许计算机执行：通信信息获取步骤，获取作为来自目标源的通信的信息的通信信息; 以及通信控制步骤，具有控制量计算公式，用于使用所述通信信息从目标源计算通信的控制量，并且基于使用所述控制量计算获得的通信控制量来执行来自所述目标源的通信的控制 式。

公开(公告)号：US20060291490A1

公开(公告)日：2006-12-28

申请号：US11346243

申请日：2006-02-03

申请人： Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Masashi Mitomo ,  Satoru Torii

发明人： Kazumasa Omote ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Masashi Mitomo ,  Satoru Torii

IPC分类号： H04L12/56

CPC分类号： H04L63/145

摘要： A computer-readable recording medium having recorded a worm determination program capable of reliably determining a worm-infected communication. A worm determination apparatus for executing the program includes a plurality of physical ports functioning as network connection ports, a communication-information-acquisition unit, and a worm determination unit. The communication-information-acquisition unit acquires information about a packet type, classified according to a transmission-source address. The worm determination unit determines whether a communication is performed by a worm, based on the information about the packet type, classified according to the transmission-source address, acquired by the communication-information-acquisition unit and a determination criterion used for determining whether a communication is performed by a worm.

摘要翻译： 一种记录了能够可靠地确定蠕虫感染通信的蠕虫确定程序的计算机可读记录介质。 用于执行程序的蠕虫确定装置包括用作网络连接端口的多个物理端口，通信信息获取单元和蠕虫确定单元。 通信信息获取单元获取关于根据发送源地址分类的分组类型的信息。 蠕虫确定单元基于由通信信息获取单元获取的根据发送源地址分类的关于分组类型的信息，以及用于确定是否由 通信由蠕虫执行。

公开(公告)号：US20070011745A1

公开(公告)日：2007-01-11

申请号：US11376083

申请日：2006-03-16

申请人： Masashi Mitomo ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Kazumasa Omote ,  Satoru Torii

发明人： Masashi Mitomo ,  Yoshiki Higashikado ,  Masahiro Komura ,  Bintatsu Noda ,  Kazumasa Omote ,  Satoru Torii

IPC分类号： G06F12/14

CPC分类号： H04L63/1425

摘要： A computer-readable recording medium recording a worm detection parameter setting program for setting an appropriate worm detection parameter for target environments. When a log reader loads a communication log created within a prescribed time period, a log classifier classifies the entries of the communication log into categories based on communication contents. A frequency distribution creator analyzes the entries of a category, counts the number of appearance of each worm detection parameter value for each object of a preset network unit, and creates frequency distribution information. A threshold derivation unit analyzes the frequency distribution information and derives a threshold value that is used for determining whether a worm is propagating. An output unit outputs to an output device the threshold value for the worm detection parameter for the category, together with the frequency distribution information created by the frequency distribution creator, thereby providing a user with the information.

摘要翻译： 记录用于针对目标环境设定适当的蠕虫检测参数的蠕虫检测参数设定程序的计算机可读记录介质。 当日志读取器加载在规定时间段内创建的通信日志时，日志分类器基于通信内容将通信日志的条目分类成类别。 频率分布创建者分析类别的条目，计算预设网络单元的每个对象的每个蠕虫检测参数值的出现次数，并且创建频率分布信息。 阈值导出单元分析频率分布信息并导出用于确定蠕虫正在传播的阈值。 输出单元向输出设备输出用于该类别的蠕虫检测参数的阈值以及由频率分布创建者创建的频率分布信息，从而向用户提供该信息。

公开(公告)号：US20070002838A1

公开(公告)日：2007-01-04

申请号：US11364002

申请日：2006-03-01

申请人： Masahiro Komura ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masashi Mitomo ,  Bintatsu Noda ,  Satoru Torii

发明人： Masahiro Komura ,  Kazumasa Omote ,  Yoshiki Higashikado ,  Masashi Mitomo ,  Bintatsu Noda ,  Satoru Torii

IPC分类号： H04L12/66

CPC分类号： H04L63/145

摘要： A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

摘要翻译： 记录网络关闭控制程序的记录介质，允许采取适当的预防措施。 检测器监视要管理的每个网段，并且在检测到满足预定条件的通信时，检测器生成检测通知，并将该通知发送到隔离管理器。 在获取由本地设备的检测器产生的检测通知或由远程网络关闭设备生成的检测通知时，隔离管理器根据存储在隔离策略存储器中的隔离策略生成关闭操作请求，并将请求发送到 通信关闭单元。 根据关机操作请求，通信关机单元设置识别关机目标的关闭数据，并控制要从网段输入和输出的分组，使得分组可以被切断或通过。

公开(公告)号：US20090204679A1

公开(公告)日：2009-08-13

申请号：US12367520

申请日：2009-02-07

申请人： Masashi MITOMO ,  Masahiro Komura ,  Satoru Torii

发明人： Masashi MITOMO ,  Masahiro Komura ,  Satoru Torii

IPC分类号： G06F15/16

CPC分类号： G06Q10/107 ,  H04L51/34

摘要： An electronic mail management system for managing electronic mail includes an obtaining unit, an assigning unit and a memory. The obtaining unit obtains electronic mail whenever the electronic mail is sent or received. The assigning unit assigns at least one serial number to the electronic mail obtained by the obtaining unit. Each assigned serial number is a number from a sequence of numbers associated with at least one mail address included in the obtained electronic mail. The memory stores the obtained electronic mail in connection with the at least one assigned serial number.

摘要翻译： 用于管理电子邮件的电子邮件管理系统包括获取单元，分配单元和存储器。 每当发送或接收电子邮件时，获取单元获得电子邮件。 分配单元将至少一个序列号分配给由获取单元获得的电子邮件。 每个分配的序列号是从与所获得的电子邮件中包括的至少一个邮件地址相关联的数字序列中的数字。 所述存储器与所述至少一个分配的序列号相关联地存储所获得的电子邮件。

公开(公告)号：US08266250B2

公开(公告)日：2012-09-11

申请号：US12412309

申请日：2009-03-26

申请人： Masashi Mitomo ,  Masahiro Komura ,  Satoru Torii

发明人： Masashi Mitomo ,  Masahiro Komura ,  Satoru Torii

IPC分类号： G06F13/00

CPC分类号： H04M3/51 ,  H04L67/38 ,  H04M3/523 ,  H04M7/0027 ,  H04M2207/18

摘要： A communication detection method in which, based on a sender and a destination of communication data recorded in a communication log that records information concerning communication data exchanged between devices linked to a network, the communication log is divided into parts corresponding to individual object devices. The communication logs divided corresponding to the individual devices are analyzed so that the communication data in which a connection request to each device has been issued is extracted, and then a response success/failure table is generated based on whether a response from the device to the connection request has been detected; and based on the response success/failure table, when a time period that no response is obtained from the device satisfies a criterion condition determined in advance, it is determined that peer-to-peer communication has been performed.

摘要翻译： 一种通信检测方法，其中，基于记录在通信日志中的通信数据的发送方和目的地，其记录与链接到网络的装置之间交换的通信数据的信息，所述通信日志被划分为与各个对象装置对应的部分。 分析对应于各个设备的通信记录，以便提取其中已经发出对每个设备的连接请求的通信数据，然后基于从该设备到该设备的响应是否生成响应成功/故障表 已检测到连接请求; 并且基于响应成功/失败表，当从设备获得没有响应的时间段满足预先确定的准则条件时，确定已经执行了对等通信。