-
Publication No.: US09819691B2
Publication date: 2017-11-14
Application No.: US14950096
Filing date: 2015-11-24
Applicant: FUJITSU LIMITED
Inventors: Masahiro Yamada, Masanobu Morinaga
CPC classification: H04L63/1416, H04L43/062, H04L43/12
Abstract: A disclosed network monitoring method includes: obtaining, by a first apparatus, packets from a node outside a network to a first terminal in the network, and packets from the first terminal to a second terminal in the network; transmitting, by the first apparatus and to a third apparatus, information on first plural packets that satisfy a first condition; obtaining, by a second apparatus, packets from the first terminal to the second terminal, and packets from the second terminal to the node; transmitting, by the second apparatus and to the third apparatus, information on second plural packets that satisfy a second condition; receiving, by the third apparatus, the information on the first and second plural packets; and determining, by the third apparatus, whether an attack from outside the network occurred, based on whether a same packet is included in the first and second plural packets.
-
Publication No.: US10397248B2
Publication date: 2019-08-27
Application No.: US15262803
Filing date: 2016-09-12
Applicant: FUJITSU LIMITED
Inventors: Masahiro Yamada, Masanobu Morinaga
Abstract: A disclosed network monitoring method includes: specifying a feature value for each of plural packet groups that were transferred between a first terminal and a second terminal on a connection between the first terminal and the second terminal; calculating a value representing variation in specified feature values; and determining whether the calculated value is equal to or greater than a predetermined threshold value.
-
Publication No.: US20150013005A1
Publication date: 2015-01-08
Application No.: US14291168
Filing date: 2014-05-30
Applicant: FUJITSU LIMITED
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/168
Abstract: Upon acquiring first data transmitted from an outside of a predetermined range in a network, an apparatus stores, in a memory, first information including transmission source and destination addresses of the first data. Upon acquiring second data addressed to an inside of the predetermined range and indicating predetermined communication data of service initiation, the apparatus extracts the first information including as the transmission source address a source address of the second data, and stores, in the memory, second information indicating a service initiation and including a destination address of the second data, in association with the first information. When the second information including as the transmission destination address a source address of the second data is stored in the memory and a destination address of the second data coincides with the transmission source address in the first information associated with the second information, the apparatus notifies detection of an attack.
-
Publication No.: US09548989B2
Publication date: 2017-01-17
Application No.: US14571532
Filing date: 2014-12-16
Applicant: FUJITSU LIMITED
CPC classification: H04L63/1416, H04L63/1458
Abstract: When obtained communication data corresponds to an external communication from the outside of the network to the inside, external communication data is stored. When the obtained communication data corresponds to a service start, external communication data associated with the service start is extracted, and service start data is stored in correlation with the extracted external communication data. When the obtained communication data corresponds to an operation end, operation end data is stored. When the obtained communication data corresponds to a communication from the inside to the outside of the network, operation end data associated with the obtained communication data is extracted. Then, it is determined that a condition is satisfied that external communication data associated with the obtained communication data is stored in correlation with the service start data associated with the extracted operation end data. When the condition is satisfied, an attack for the system is detected.
-
Publication No.: US20150195294A1
Publication date: 2015-07-09
Application No.: US14571532
Filing date: 2014-12-16
Applicant: FUJITSU LIMITED
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/1458
Abstract: When obtained communication data corresponds to an external communication from the outside of the network to the inside, external communication data is stored. When the obtained communication data corresponds to a service start, external communication data associated with the service start is extracted, and service start data is stored in correlation with the extracted external communication data. When the obtained communication data corresponds to an operation end, operation end data is stored. When the obtained communication data corresponds to a communication from the inside to the outside of the network, operation end data associated with the obtained communication data is extracted. Then, it is determined that a condition is satisfied that external communication data associated with the obtained communication data is stored in correlation with the service start data associated with the extracted operation end data. When the condition is satisfied, an attack for the system is detected.