公开(公告)号：US20120005147A1

公开(公告)日：2012-01-05

申请号：US13170943

申请日：2011-06-28

申请人： HIROFUMI NAKAKOJI ,  Tetsuro Kito ,  Masato Terada ,  Shinichi Tankyo ,  Isao Kaine ,  Tomohiro Shigemoto

发明人： HIROFUMI NAKAKOJI ,  Tetsuro Kito ,  Masato Terada ,  Shinichi Tankyo ,  Isao Kaine ,  Tomohiro Shigemoto

IPC分类号： G06N5/02

CPC分类号： G06F21/566 ,  G06F21/606 ,  G06Q10/063114 ,  G06Q10/0635

摘要： A technique for collecting information concerning those files distributed on a file sharing network and for detecting an information leak file to take corrective measures is provided. Supervised information is generated by adding as attributes a file type, a speech-part appearance frequency of words making up a file name and a result of human-made judgment as to whether a file being inspected is the information leak file to key information collected from the file sharing network. Next, the supervised information is input to a decision tree leaning algorithm, thereby causing it to learn an information leak file judgment rule and then derive a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.

摘要翻译： 提供了一种用于收集关于在文件共享网络上分发的文件的信息和用于检测信息泄漏文件以采取纠正措施的技术。 通过将文件类型，构成文件名的单词的语音部分出现频率和关于被检查文件的人为判断结果作为属性添加到信息泄漏文件来生成关键信息，从而从 文件共享网络。 接下来，将监督信息输入到决策树倾斜算法，从而使其学习信息泄漏文件判断规则，然后导出用于信息泄漏文件判断的决策树。 此后，该决策树用于从文件共享网络上流动的密钥信息中检测信息泄漏文件，随后进行警报传输和密钥信息无效，从而防止损坏扩展。

公开(公告)号：US20100050260A1

公开(公告)日：2010-02-25

申请号：US12461363

申请日：2009-08-10

申请人： Hirofumi Nakakoji ,  Tetsuro Kito ,  Masato Terada ,  Shinichi Tankyo ,  Isao Kaine

发明人： Hirofumi Nakakoji ,  Tetsuro Kito ,  Masato Terada ,  Shinichi Tankyo ,  Isao Kaine

IPC分类号： G06F11/00

CPC分类号： H04L63/0227 ,  H04L63/1425 ,  H04L2463/144

摘要： An attack node set determination apparatus obtains an event log basic parameter extracted from collected event logs and attribute information based on the event log basic parameter. The attack node set determination apparatus performs a clustering on a space having dimensions of part or all of the obtained attribute information and event log basic parameter, computes a cluster, and transmits information on the cluster and a countermeasure against the cluster to a firewall. Upon detecting an attack packet from an attack node set, the firewall identifies a cluster including the attack packet and conducts a countermeasure against the whole identified cluster.

摘要翻译： 攻击节点集确定装置根据事件日志基本参数获取从收集的事件日志中提取的事件日志基本参数和属性信息。 攻击节点集确定装置对获得的属性信息和事件日志基本参数的部分或全部的空间的空间进行聚类，计算群集，并且将关于群集的信息和针对群集的对策发送到防火墙。 在从攻击节点集中检测到攻击报文时，防火墙会识别包含攻击报文的集群，并针对整个识别的集群进行对策。