Analysis method, analysis device, and analysis program

An analysis method, analysis device, and analysis program for the field of analysis that address the problems of increasing web application attacks, damage to service providers, content tampering, and the like.

Active Publication Date: 2018-03-27
NIPPON TELEGRAPH & TELEPHONE CORP

AI Technical Summary

Problems solved by technology

At the same time, attacks that maliciously exploit the vulnerabilities of web applications have also increased.
If content tampering or information leakage occurs due to such an attack, it will cause great damage to the service provider, so it is necessary to detect the attack.


Embodiment Construction

[0028] Hereinafter, one embodiment of the present invention will be described in detail with reference to the drawings. The invention is not limited to this embodiment. In the description of the drawings, the same reference numerals are assigned to the same parts.

[0029] [system structure]

[0030] Figure 1 is a schematic diagram showing an example of the configuration of a system to be analyzed by the analysis device of the present embodiment. As shown in Figure 1, the Web server 1 operated by the service provider receives requests, such as HTTP requests, from the client terminal 3 through the network 2, and provides Web application services to users of the client terminal 3. The Web server 1 stores logs of events related to the provision of Web application services, such as HTTP requests, file access, network access, command execution, and database (DB) access, in an appropriate storage area.

[0031] In such ...


Abstract

The purpose of the invention is to accurately correlate a plurality of different types of events that have occurred in a single Web server, and to accurately detect an attack against a Web application. An event acquisition unit (151) acquires a log of events including an HTTP request to a Web server. An event correlation unit (152) creates, as an event block, a set of events including the HTTP request and events correlated therewith by employing process IDs of processes that processed the respective events included in the log. An attack detection unit (155) compares an event block created from a log of events to be subjected to attack detection with profiles in a profile list (143) created from normal events, and finds the degree of similarity, and if the degree of similarity is below or equal to a predetermined threshold, detects the event block as an event block including an abnormal event caused by an attack. The event correlation unit (152) also creates event blocks by employing transmission-source port numbers included in the respective events.
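An added example, not code from the patent or its applicant: a minimal sketch of the correlation and detection steps the abstract describes. The event field names, the sample logs, the rule that a process's events belong to its most recent HTTP request, the Jaccard similarity measure and the 0.5 threshold are all assumptions; source-port correlation is omitted.

```python
# Constructed sample events (not from the patent); field names are assumed.
NORMAL_LOG = [
    {"pid": 101, "type": "http_request", "detail": "/index.php"},
    {"pid": 101, "type": "file_access", "detail": "/var/www/index.php"},
    {"pid": 101, "type": "db_access", "detail": "SELECT"},
]
TEST_LOG = [  # two requests handled concurrently, so their events interleave
    {"pid": 201, "type": "http_request", "detail": "/index.php"},
    {"pid": 202, "type": "http_request", "detail": "/index.php"},
    {"pid": 201, "type": "file_access", "detail": "/var/www/index.php"},
    {"pid": 202, "type": "file_access", "detail": "/var/www/index.php"},
    {"pid": 202, "type": "command_exec", "detail": "/bin/sh"},
    {"pid": 201, "type": "db_access", "detail": "SELECT"},
    {"pid": 202, "type": "network_access", "detail": "outbound"},
]

def build_event_blocks(events):
    """Each HTTP request opens a block; later events with the same PID join it."""
    open_block, blocks = {}, []
    for ev in events:  # events are assumed to be in time order
        if ev["type"] == "http_request":
            open_block[ev["pid"]] = [ev]
            blocks.append(open_block[ev["pid"]])
        elif ev["pid"] in open_block:
            open_block[ev["pid"]].append(ev)
    return blocks

def signature(block):
    """Reduce a block to the set of (event type, detail) pairs it contains."""
    return frozenset((ev["type"], ev["detail"]) for ev in block)

def similarity(a, b):
    """Jaccard similarity of two signatures (assumed measure)."""
    return len(a & b) / len(a | b) if a | b else 1.0

def detect(blocks, profiles, threshold):
    """Flag blocks whose best similarity to any normal profile is <= threshold."""
    flagged = []
    for block in blocks:
        best = max((similarity(signature(block), p) for p in profiles), default=0.0)
        if best <= threshold:
            flagged.append((block[0]["pid"], best))
    return flagged

PROFILES = [signature(b) for b in build_event_blocks(NORMAL_LOG)]
FLAGGED = detect(build_event_blocks(TEST_LOG), PROFILES, threshold=0.5)
print(FLAGGED)
```

The request handled by PID 201 matches the normal profile exactly, while the block for PID 202 also contains a command execution and a network access and falls below the threshold even though its events are interleaved with the benign request.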

Description

Technical field

[0001] The present invention relates to an analysis method, an analysis device and an analysis program.

Background technique

[0002] In recent years, web applications are used for various services and are becoming part of the foundation of society. At the same time, attacks that maliciously exploit the vulnerabilities of web applications have also increased. If content falsification or information leakage occurs due to such an attack, it will cause great damage to the service provider, so it is necessary to detect the attack.

[0003] In order to detect an attack on a web application, a technique is known that correlates a plurality of events of different types that occur in the same web server, such as an HTTP request event and other events. For example, HTTP requests and FireWall logs are compared, and events whose occurrence times are relatively close to each other are associated as related events (see Non-Patent Document 1).

[0004] prior art literature [00...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F11/30, G06F11/34
CPC: G06F11/30, G06F11/34, G06F21/552, H04L63/1416, H04L63/1425, H04L63/1441, G06F21/55, H04L43/04
Inventor: 钟扬, 朝仓浩志, 谷川真树
Owner: NIPPON TELEGRAPH & TELEPHONE CORP