INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM

When an attack on an information system is possibly carried out, a progress status of the attack is visualized to display a warning to a user, without using a correlation rule. A table storage unit 1001 stores a past case table indicating a phase string obtained by concatenating phase values indicat...

Full description

Saved in:
Bibliographic Details
Main Authors KAWAUCHI, KIYOTO, SAKURAI, SHOJI
Format Patent
LanguageEnglish
French
German
Published 29.07.2015
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:When an attack on an information system is possibly carried out, a progress status of the attack is visualized to display a warning to a user, without using a correlation rule. A table storage unit 1001 stores a past case table indicating a phase string obtained by concatenating phase values indicating attack progress degrees according to an event occurrence pattern in a past case. A phase string generation unit 1002 obtains a phase string by concatenating phase values according to the occurrence pattern of events that have occurred in the information system. A similarity degree calculation unit 1003 calculates a similarity degree between the phase string obtained by the phase string generation unit 1002 and the phase string indicated in the past case table. An attack status visualization unit 1004 visualizes the progress status of the attack on the information system, based on the phase string obtained by the phase string generation unit 1002 and a result of calculation of the similarity degree by the similarity degree calculation unit 1003.
Bibliography:Application Number: EP20130839403