Recording medium recording a network shutdown control program, and network shutdown device
    1.
    Granted invention patent
    Recording medium recording a network shutdown control program, and network shutdown device (status: in force)

    Publication number: US07564837B2

    Publication date: 2009-07-21

    Application number: US11364002

    Filing date: 2006-03-01

    IPC classification: H04L12/66

    CPC classification: H04L63/145

    Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

    Computer-readable recording medium storing worm detection program, worm detection method and worm detection device
    3.
    Invention patent application
    Computer-readable recording medium storing worm detection program, worm detection method and worm detection device (status: under examination, published)

    Publication number: US20060291469A1

    Publication date: 2006-12-28

    Application number: US11348335

    Filing date: 2006-02-07

    IPC classification: H04L12/56

    CPC classification: H04L63/1408 H04L63/145

    Abstract: A computer-readable recording medium recording a worm detection program which is preferably usable for a large-scale network and is capable of detecting worm communication with little information. A worm detection device which runs this program has a switching hub function, and comprises five physical ports that are network interfaces, a communication acquisition section, and a worm detector, for example. The communication acquisition section acquires ICMP type3 (destination unreachable message) packets going out of the physical ports. The worm detector determines whether the packet communication is worm communication, based on information on the ICMP type3 packets obtained for each source MAC address by the communication acquisition section and worm criteria set for determining whether communication is worm communication.

    Recording medium recording worm detection parameter setting program, and worm detection parameter setting device
    4.
    Invention patent application
    Recording medium recording worm detection parameter setting program, and worm detection parameter setting device (status: under examination, published)

    Publication number: US20070011745A1

    Publication date: 2007-01-11

    Application number: US11376083

    Filing date: 2006-03-16

    IPC classification: G06F12/14

    CPC classification: H04L63/1425

    Abstract: A computer-readable recording medium recording a worm detection parameter setting program for setting an appropriate worm detection parameter for target environments. When a log reader loads a communication log created within a prescribed time period, a log classifier classifies the entries of the communication log into categories based on communication contents. A frequency distribution creator analyzes the entries of a category, counts the number of appearances of each worm detection parameter value for each object of a preset network unit, and creates frequency distribution information. A threshold derivation unit analyzes the frequency distribution information and derives a threshold value that is used for determining whether a worm is propagating. An output unit outputs to an output device the threshold value for the worm detection parameter for the category, together with the frequency distribution information created by the frequency distribution creator, thereby providing a user with the information.

    Recording medium recording a network shutdown control program, and network shutdown device
    5.
    Invention patent application
    Recording medium recording a network shutdown control program, and network shutdown device (status: in force)

    Publication number: US20070002838A1

    Publication date: 2007-01-04

    Application number: US11364002

    Filing date: 2006-03-01

    IPC classification: H04L12/66

    CPC classification: H04L63/145

    Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

    Anti-worm program, anti-worm apparatus, and anti-worm method
    6.
    Granted invention patent
    Anti-worm program, anti-worm apparatus, and anti-worm method (status: in force)

    Publication number: US08307445B2

    Publication date: 2012-11-06

    Application number: US12168281

    Filing date: 2008-07-07

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 G06F21/50

    Abstract: An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

    ANTI-WORM PROGRAM, ANTI-WORM APPARATUS, AND ANTI-WORM METHOD
    7.
    Invention patent application
    ANTI-WORM PROGRAM, ANTI-WORM APPARATUS, AND ANTI-WORM METHOD (status: in force)

    Publication number: US20080271148A1

    Publication date: 2008-10-30

    Application number: US12168281

    Filing date: 2008-07-07

    IPC classification: G06F21/00

    CPC classification: H04L63/1408 G06F21/50

    Abstract: An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

    Computer-readable recording medium having recorded worm determination program, worm determination method, and worm determination apparatus
    8.
    Invention patent application
    Computer-readable recording medium having recorded worm determination program, worm determination method, and worm determination apparatus (status: under examination, published)

    Publication number: US20060291490A1

    Publication date: 2006-12-28

    Application number: US11346243

    Filing date: 2006-02-03

    IPC classification: H04L12/56

    CPC classification: H04L63/145

    Abstract: A computer-readable recording medium having recorded a worm determination program capable of reliably determining a worm-infected communication. A worm determination apparatus for executing the program includes a plurality of physical ports functioning as network connection ports, a communication-information-acquisition unit, and a worm determination unit. The communication-information-acquisition unit acquires information about a packet type, classified according to a transmission-source address. The worm determination unit determines whether a communication is performed by a worm, based on the information about the packet type, classified according to the transmission-source address, acquired by the communication-information-acquisition unit and a determination criterion used for determining whether a communication is performed by a worm.

    Network virus activity detecting system, method, and program, and storage medium storing said program
    9.
    Granted invention patent
    Network virus activity detecting system, method, and program, and storage medium storing said program (status: in force)

    Publication number: US07752668B2

    Publication date: 2010-07-06

    Application number: US11041434

    Filing date: 2005-01-25

    IPC classification: G08B23/00

    Abstract: In this system, a monitor unit monitors outbound communications through a network interface. A process designation unit designates a process 2X which has generated communications. A process tree obtaining unit obtains and outputs process tree information for designation of an upper process to the process 2X. A discrimination unit refers to an illegal rule file for definition of an illegal process by a combination of a process and an upper process which have generated communications, and determines whether or not a process 2X is illegal according to communications information, process information, and process tree information. A process stop unit stops a process 2X determined to be illegal. A notification unit notifies a user of the stop of the process 2X.

    Security management apparatus, security management system, security management method, and security management program
    10.
    Granted invention patent
    Security management apparatus, security management system, security management method, and security management program (status: in force)

    Publication number: US07490149B2

    Publication date: 2009-02-10

    Application number: US10729992

    Filing date: 2003-12-09

    IPC classification: G06F15/173 G06F15/16 H04L9/32

    Abstract: A security management apparatus is capable of taking various security measures while referencing machine information and hence excellent in flexibility and widely applicable. The apparatus includes a security diagnostic unit for making a security diagnosis on the basis of security information obtained from a security information providing apparatus for providing information concerning security in a network and further on the basis of machine information obtained from at least one network machine connected to a network to judge a type of security-related processing to be executed for the network machine and also judge whether or not the security-related processing needs to be executed. A security execution unit executes predetermined security measure processing for the network machine on the basis of a result of diagnosis made by the security diagnostic unit.
