-
Publication No.: US20120297452A1
Publication date: 2012-11-22
Application No.: US13560471
Filing date: 2012-07-27
Applicant: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
Inventor: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
IPC classification: G06F21/20
CPC classification: G06F21/554, G06F9/45533, G06F21/74, G06F2221/2127, H04L63/1491
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
-
Publication No.: US20120254951A1
Publication date: 2012-10-04
Application No.: US13419554
Filing date: 2012-03-14
Applicant: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
Inventor: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
IPC classification: G06F21/00
CPC classification: G06F21/554, G06F9/45533, G06F21/74, G06F2221/2127, H04L63/1491
Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
-
13.
Publication No.: US20120210158A1
Publication date: 2012-08-16
Application No.: US13365594
Filing date: 2012-02-03
Applicant: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
Inventor: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
IPC classification: G06F11/07
CPC classification: G06F21/50, G05B19/0428, G06F11/07, G06F21/552, G06F21/554, G06F21/577, G06F2221/2145, G06F2221/2151, H04L63/1425
Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
-
Publication No.: US20060075117A1
Publication date: 2006-04-06
Application No.: US11058510
Filing date: 2005-02-15
IPC classification: G06F15/16
CPC classification: G06F12/0866, H04L67/2842
Abstract: Provides methods, apparatus and systems for message request response server and processor. A server apparatus including: a request processing unit for performing processing for a first processing request message received, and creating a first processing response message; a cache unit for caching the first processing response message in association with a first key created based on the first processing request message; a message analysis unit for analyzing the second processing request message received; a key creation unit for creating a second key based on the analysis result; and a cache management unit for returning the cached first processing response message when the second key coincides with the first key, and when the second key does not coincide with the first key, notifying the result of the analysis, allowing the request processing unit to perform processing based on the analysis result, and returning the second processing response message created.
-
Publication No.: US09075410B2
Publication date: 2015-07-07
Application No.: US13365533
Filing date: 2012-02-03
Applicant: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
Inventor: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
IPC classification: G05B9/02, G06F11/00, G05B19/048, H04L29/06, G06F21/55
CPC classification: G05B19/048, G06F21/552, H04L63/1425
Abstract: A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.
-
16.
Publication No.: US08726085B2
Publication date: 2014-05-13
Application No.: US13365594
Filing date: 2012-02-03
Applicant: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
Inventor: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
IPC classification: G06F11/00
CPC classification: G06F21/50, G05B19/0428, G06F11/07, G06F21/552, G06F21/554, G06F21/577, G06F2221/2145, G06F2221/2151, H04L63/1425
Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
-
Publication No.: US20120209411A1
Publication date: 2012-08-16
Application No.: US13365533
Filing date: 2012-02-03
Applicant: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
Inventor: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
IPC classification: G05B9/02
CPC classification: G05B19/048, G06F21/552, H04L63/1425
Abstract: A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.
-
Publication No.: US07512691B2
Publication date: 2009-03-31
Application No.: US11058510
Filing date: 2005-02-15
IPC classification: G06F15/16
CPC classification: G06F12/0866, H04L67/2842
Abstract: Provides methods, apparatus and systems for message request response server and processor. A server apparatus including: a request processing unit for performing processing for a first processing request message received, and creating a first processing response message; a cache unit for caching the first processing response message in association with a first key created based on the first processing request message; a message analysis unit for analyzing the second processing request message received; a key creation unit for creating a second key based on the analysis result; and a cache management unit for returning the cached first processing response message when the second key coincides with the first key, and when the second key does not coincide with the first key, notifying the result of the analysis, allowing the request processing unit to perform processing based on the analysis result, and returning the second processing response message created.