Vulnerability countermeasure device and vulnerability countermeasure method
    2.
    发明授权
    Vulnerability countermeasure device and vulnerability countermeasure method 有权
    脆弱性对策设备和漏洞对策方法

    公开(公告)号:US09372995B2

    公开(公告)日:2016-06-21

    申请号:US14237152

    申请日:2011-09-08

    IPC分类号: G06F21/00 G06F21/57

    CPC分类号: G06F21/577 G06F2221/033

    摘要: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerability.

    摘要翻译: 漏洞对策装置存储将通过网络连接的多台计算机与各计算机拥有的软件相关联的配置信息,将软件与软件的脆弱性相关的信息关联的脆弱性信息以及将软件与要执行的对策策略相关联的对策策略信息 如果软件有一个漏洞; 基于与从使用终端接收到的数据中包含的数据的路径有关的信息计算数据将到达的计算机; 基于计算机和配置信息获取计算机中存在的软件; 根据获取的软件和漏洞信息,评估所获取的软件是否存在漏洞; 并且设置有对应单元,用于根据针对被评估为具有该脆弱性的软件的对策策略来执行对脆弱性的对策。

    SECURITY LEVEL VISUALIZATION DEVICE
    3.
    发明申请
    SECURITY LEVEL VISUALIZATION DEVICE 审中-公开
    安全级别可视化设备

    公开(公告)号:US20130333045A1

    公开(公告)日:2013-12-12

    申请号:US14000489

    申请日:2011-12-08

    IPC分类号: G06F21/57

    摘要: A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.

    摘要翻译: 计算和可视化每个服务的安全级别。 该设备包括安全级别计算单元和安全级别可视化单元。 安全级别计算单元从多个传感器接收关于服务的安全性的信息作为观察信息,并且基于接收到的观察信息和安全级别计算策略来计算每个服务的安全级别。 安全级别可视化单元基于由安全级别计算单元计算的安全级别和服务的配置信息输出每个服务的安全级别。 此外,安全级别计算策略具有服务,使用该服务的用户以及要在服务中观察的观察项目。 安全级别计算单元基于安全级别计算策略计算与服务和服务的用户相关联的安全级别。

    ENCRYPTED TRAFFIC TEST SYSTEM
    4.
    发明申请
    ENCRYPTED TRAFFIC TEST SYSTEM 审中-公开
    加强交通测试系统

    公开(公告)号:US20120210125A1

    公开(公告)日:2012-08-16

    申请号:US13368620

    申请日:2012-02-08

    IPC分类号: H04L29/06

    CPC分类号: H04L63/1408 H04L63/0428

    摘要: An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.

    摘要翻译: 公开了一种加密流量测试系统,其测试是否对通过网络进行分组的流量进行加密,所述加密流量测试系统包括:测试数据获取部分,被配置为接收网络上的每个分组,以便从 收到的包; 被配置为使用随机数测试方案来评估由测试数据获取部分获取的随机性的测试数据的加密流量测试部分,并且如果测试数据被评估为具有随机性,则进一步确定涉及包括测试的分组的流量 数据是加密流量; 以及测试结果显示部分,被配置为在测试结果显示屏幕上显示来自加密的流量测试部分的测试结果。

    Attack node set determination apparatus and method, information processing device, attack dealing method, and program
    5.
    发明申请
    Attack node set determination apparatus and method, information processing device, attack dealing method, and program 审中-公开
    攻击节点集确定装置和方法,信息处理装置,攻击处理方法和程序

    公开(公告)号:US20100050260A1

    公开(公告)日:2010-02-25

    申请号:US12461363

    申请日:2009-08-10

    IPC分类号: G06F11/00

    摘要: An attack node set determination apparatus obtains an event log basic parameter extracted from collected event logs and attribute information based on the event log basic parameter. The attack node set determination apparatus performs a clustering on a space having dimensions of part or all of the obtained attribute information and event log basic parameter, computes a cluster, and transmits information on the cluster and a countermeasure against the cluster to a firewall. Upon detecting an attack packet from an attack node set, the firewall identifies a cluster including the attack packet and conducts a countermeasure against the whole identified cluster.

    摘要翻译: 攻击节点集确定装置根据事件日志基本参数获取从收集的事件日志中提取的事件日志基本参数和属性信息。 攻击节点集确定装置对获得的属性信息和事件日志基本参数的部分或全部的空间的空间进行聚类,计算群集,并且将关于群集的信息和针对群集的对策发送到防火墙。 在从攻击节点集中检测到攻击报文时,防火墙会识别包含攻击报文的集群,并针对整个识别的集群进行对策。

    INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF
    6.
    发明申请
    INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF 审中-公开
    信息泄漏文件检测装置及其方法和程序

    公开(公告)号:US20120005147A1

    公开(公告)日:2012-01-05

    申请号:US13170943

    申请日:2011-06-28

    IPC分类号: G06N5/02

    摘要: A technique for collecting information concerning those files distributed on a file sharing network and for detecting an information leak file to take corrective measures is provided. Supervised information is generated by adding as attributes a file type, a speech-part appearance frequency of words making up a file name and a result of human-made judgment as to whether a file being inspected is the information leak file to key information collected from the file sharing network. Next, the supervised information is input to a decision tree leaning algorithm, thereby causing it to learn an information leak file judgment rule and then derive a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.

    摘要翻译: 提供了一种用于收集关于在文件共享网络上分发的文件的信息和用于检测信息泄漏文件以采取纠正措施的技术。 通过将文件类型,构成文件名的单词的语音部分出现频率和关于被检查文件的人为判断结果作为属性添加到信息泄漏文件来生成关键信息,从而从 文件共享网络。 接下来,将监督信息输入到决策树倾斜算法,从而使其学习信息泄漏文件判断规则,然后导出用于信息泄漏文件判断的决策树。 此后,该决策树用于从文件共享网络上流动的密钥信息中检测信息泄漏文件,随后进行警报传输和密钥信息无效,从而防止损坏扩展。

    TOKENIZATION SYSTEM
    7.
    发明申请
    TOKENIZATION SYSTEM 审中-公开
    制导系统

    公开(公告)号:US20120272326A1

    公开(公告)日:2012-10-25

    申请号:US13360569

    申请日:2012-01-27

    IPC分类号: G06F21/24

    CPC分类号: G06Q10/00 G06Q20/363

    摘要: A tokenization unit that tokenizes a real name ID to a different tokenized ID according to a user's service usage situation, a service history analyzing unit that analyzes service history data, a tokenized ID checking unit that determines whether different tokenized IDs are the same in analyzing a plurality of items of service history data including the different tokenized IDs, and a tokenization change management unit that manages a service usage situation the same as that of tokenization by the tokenization unit. The service history analyzing unit performs: a predetermined service history analysis if a target is a service usage situation in which the same tokenized ID appears; and a predetermined service history analysis as different tokenized IDs are considered to be the same user by the tokenized ID checking unit if a target is a service usage situation in which a different tokenized ID appears.

    摘要翻译: 一种令牌化单元,其根据用户的服务使用情况将真实姓名ID标记为不同的标识ID,服务历史分析单元,其分析服务历史数据;令牌化ID检查单元,用于在分析服务历史数据时确定不同的令牌化ID是否相同 多个服务历史数据项目,包括不同的标记化ID,以及令牌化改变管理单元,其管理与令牌化单元的令牌化相同的服务使用情况。 服务历史分析单元执行:如果目标是出现相同标识ID的服务使用情况,则进行预定的服务历史分析; 并且如果目标是出现不同的令牌化ID的服务使用情况,则由令牌化ID检查单元将作为不同标记化ID的预定服务历史分析视为是相同的用户。