-
Publication No.: US20240039939A1
Publication date: 2024-02-01
Application No.: US18135425
Application date: 2023-04-17
Applicant: Fujitsu Limited
Inventors: Takanori Oikawa, Hirotaka Kokubo, Ikuya Morikawa
IPC classification: H04L9/40
CPC classification: H04L63/1425, H04L63/1416
Abstract: A non-transitory computer-readable recording medium storing an attack situation output program for causing a computer to execute a process, the process includes extracting, from information regarding communication that includes a threat level of an attack, information regarding first communication in which the threat level satisfies a first condition, executing anomaly detection processing that detects a suspicious terminal by using the information regarding the first communication of each terminal, and outputting information regarding a first terminal detected as the suspicious terminal by the anomaly detection processing and information regarding content of an attack that corresponds to the first condition, in association with each other.
-
Publication No.: US10348743B2
Publication date: 2019-07-09
Application No.: US15193264
Application date: 2016-06-27
Applicant: FUJITSU LIMITED
Inventors: Mebae Yamaoka, Takanori Oikawa, Kazuyoshi Furukawa, Masahiko Takenaka, Yuki Fujishima, Masanobu Morinaga
IPC classification: H04L29/06
Abstract: A method includes executing a determination process that determines that a setting value is a search key, the setting value being for an item from among a plurality of items in a record identified in a plurality of records, the plurality of records relating to a plurality of pieces of log information that are collected from a plurality of computers; executing a first identification process that identifies, as the record, another record including the search key from among the plurality of records; executing a second identification process that identifies, as the item, a new item from among the plurality of items, the new item being different from an item used to identify the another record in the executing of the first identification process; repeating executing of the processes; and outputting information on at least one computer that is suspected of a cyber-attack, based on the identified records.
-
Publication No.: US10339314B2
Publication date: 2019-07-02
Application No.: US15246878
Application date: 2016-08-25
Applicant: FUJITSU LIMITED
Abstract: A device includes: a memory configured to store in advance a command transmitted from malware to hardware via an operating system; and a processor coupled to the memory and configured to: hook a first command transmitted from the operating system to the hardware, and transmit information that causes the malware to determine to terminate operation of the malware to the operating system when the hooked first command corresponds with the command stored in the memory.
-
Publication No.: US20170070515A1
Publication date: 2017-03-09
Application No.: US15193264
Application date: 2016-06-27
Applicant: FUJITSU LIMITED
Inventors: Mebae YAMAOKA, Takanori Oikawa, Kazuyoshi Furukawa, Masahiko Takenaka, Yuki Fujishima, Masanobu Morinaga
CPC classification: H04L63/1416
Abstract: A method includes executing a determination process that determines that a setting value is a search key, the setting value being for an item from among a plurality of items in a record identified in a plurality of records, the plurality of records relating to a plurality of pieces of log information that are collected from a plurality of computers; executing a first identification process that identifies, as the record, another record including the search key from among the plurality of records; executing a second identification process that identifies, as the item, a new item from among the plurality of items, the new item being different from an item used to identify the another record in the executing of the first identification process; repeating executing of the processes; and outputting information on at least one computer that is suspected of a cyber-attack, based on the identified records.