Vulnerability countermeasure device and vulnerability countermeasure method
    1.
    Granted invention patent
    Status: in force

    Publication number: US09372995B2

    Publication date: 2016-06-21

    Application number: US14237152

    Filing date: 2011-09-08

    IPC classification: G06F21/00 G06F21/57

    CPC classification: G06F21/577 G06F2221/033

    Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with a countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerability.

    SECURITY LEVEL VISUALIZATION DEVICE
    2.
    Invention application
    Status: under examination (published)

    Publication number: US20130333045A1

    Publication date: 2013-12-12

    Application number: US14000489

    Filing date: 2011-12-08

    IPC classification: G06F21/57

    Abstract: A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.

    ENCRYPTED TRAFFIC TEST SYSTEM
    3.
    Invention application
    Status: under examination (published)

    Publication number: US20120210125A1

    Publication date: 2012-08-16

    Application number: US13368620

    Filing date: 2012-02-08

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 H04L63/0428

    Abstract: An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.

    TOKENIZATION SYSTEM
    4.
    Invention application
    Status: under examination (published)

    Publication number: US20120272326A1

    Publication date: 2012-10-25

    Application number: US13360569

    Filing date: 2012-01-27

    IPC classification: G06F21/24

    CPC classification: G06Q10/00 G06Q20/363

    Abstract: A tokenization unit that tokenizes a real name ID to a different tokenized ID according to a user's service usage situation, a service history analyzing unit that analyzes service history data, a tokenized ID checking unit that determines whether different tokenized IDs are the same in analyzing a plurality of items of service history data including the different tokenized IDs, and a tokenization change management unit that manages a service usage situation the same as that of tokenization by the tokenization unit. The service history analyzing unit performs: a predetermined service history analysis if a target is a service usage situation in which the same tokenized ID appears; and a predetermined service history analysis as different tokenized IDs are considered to be the same user by the tokenized ID checking unit if a target is a service usage situation in which a different tokenized ID appears.

    INFORMATION LEAK FILE DETECTION APPARATUS AND METHOD AND PROGRAM THEREOF
    6.
    Invention application
    Status: under examination (published)

    Publication number: US20120005147A1

    Publication date: 2012-01-05

    Application number: US13170943

    Filing date: 2011-06-28

    IPC classification: G06N5/02

    Abstract: A technique for collecting information concerning those files distributed on a file sharing network and for detecting an information leak file to take corrective measures is provided. Supervised information is generated by adding as attributes a file type, a speech-part appearance frequency of words making up a file name and a result of human-made judgment as to whether a file being inspected is the information leak file to key information collected from the file sharing network. Next, the supervised information is input to a decision tree learning algorithm, thereby causing it to learn an information leak file judgment rule and then derive a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.

    Attack node set determination apparatus and method, information processing device, attack dealing method, and program
    7.
    Invention application
    Status: under examination (published)

    Publication number: US20100050260A1

    Publication date: 2010-02-25

    Application number: US12461363

    Filing date: 2009-08-10

    IPC classification: G06F11/00

    Abstract: An attack node set determination apparatus obtains an event log basic parameter extracted from collected event logs and attribute information based on the event log basic parameter. The attack node set determination apparatus performs a clustering on a space having dimensions of part or all of the obtained attribute information and event log basic parameter, computes a cluster, and transmits information on the cluster and a countermeasure against the cluster to a firewall. Upon detecting an attack packet from an attack node set, the firewall identifies a cluster including the attack packet and conducts a countermeasure against the whole identified cluster.
