Analysis method, analysis device and recording medium

The analysis method and analysis device are applied in computer security devices, instruments, computing, etc., and address problems such as damage to service providers, content tampering, and the increase in Web application attacks.

Active Publication Date: 2021-06-04
NIPPON TELEGRAPH & TELEPHONE CORP

AI Technical Summary

Problems solved by technology

At the same time, attacks that maliciously exploit the vulnerabilities of web applications have also increased.
If content tampering or information leakage occurs due to such an attack, it will cause great damage to the service provider, so it is necessary to detect the attack.


Embodiment Construction

[0028] Hereinafter, one embodiment of the present invention will be described in detail with reference to the drawings. This invention is not limited to this embodiment. In the description of the drawings, the same reference numerals are assigned to the same parts.

[0029] [System structure]

[0030] Figure 1 is a schematic diagram showing an example of the configuration of a system to be analyzed by the analysis device of the present embodiment. As shown in Figure 1, the Web server 1 operated by the service provider receives requests, such as HTTP requests, from the client terminal 3 through the network 2, and provides Web application services to users of the client terminal 3. The Web server 1 stores logs of events related to the provision of Web application services, such as HTTP requests, file access, network access, command execution, and database (DB) access, in an appropriate storage area.

[0031] In such ...


Abstract

In order to correctly correlate multiple events of different types that occur in the same Web server, and to correctly detect attacks on Web applications, the event acquisition unit (151) acquires logs of events, including HTTP requests to the Web server. The event-related unit (152) uses the process ID of the process that handled each event contained in the log to group an HTTP request and the events associated with it into an event module. The attack detection unit (155) compares the event module generated from the log of events subject to attack detection with the profiles of the profile list (143), which are created from normal events, to obtain a similarity; when the similarity is below a predetermined threshold, the event module is detected as containing an abnormal event caused by an attack. The event-related unit (152) also creates event modules using the source port number included in the event.
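The correlation and detection flow described in the abstract, as an added sketch that is not code from the patent. The log tuple layout, the rule that an HTTP request opens a new module for its process ID, the Jaccard similarity measure and the 0.5 threshold are all assumptions, since the page does not say how modules are delimited or how similarity is computed; only process-ID correlation is shown, not the source-port variant.

```python
# Constructed sample logs: (process ID, event type, detail). Layout is an assumption.
NORMAL_LOG = [
    (101, "http", "GET /index.php"), (102, "http", "POST /login.php"),
    (101, "file", "read /var/www/index.php"), (102, "file", "read /var/www/login.php"),
    (102, "db", "SELECT"), (101, "db", "SELECT"),
]
TARGET_LOG = [
    (201, "http", "GET /index.php"), (202, "http", "POST /login.php"),
    (202, "file", "read /var/www/login.php"), (201, "file", "read /var/www/index.php"),
    (202, "command", "exec /bin/sh"), (201, "db", "SELECT"),
    (202, "network", "connect 203.0.113.5:4444"),
]

def build_modules(log):
    """Group each HTTP request with later events handled by the same process ID."""
    current = {}   # pid -> event module currently being filled
    modules = []
    for pid, etype, detail in log:
        if etype == "http":            # assumption: a request starts a new module
            current[pid] = [(etype, detail)]
            modules.append(current[pid])
        elif pid in current:           # interleaved events are attached by pid, not by time
            current[pid].append((etype, detail))
    return modules

def jaccard(a, b):
    """Set similarity used here as a stand-in for the patent's unspecified measure."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b)

def detect(target_log, profiles, threshold=0.5):
    """Return (module, best similarity) for modules scoring below the threshold."""
    alerts = []
    for module in build_modules(target_log):
        best = max((jaccard(module, p) for p in profiles), default=0.0)
        if best < threshold:
            alerts.append((module, best))
    return alerts

if __name__ == "__main__":
    profiles = build_modules(NORMAL_LOG)   # profile list built from normal events
    for module, score in detect(TARGET_LOG, profiles):
        print(f"abnormal module (similarity {score:.2f}): {module}")
```

Because the two requests in the constructed target log are interleaved, grouping by occurrence time alone would mix their events; grouping by process ID keeps the command execution and outbound connection attached to the request that caused them.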

Description

Technical field

[0001] The present invention relates to an analysis method, an analysis device and a recording medium.

Background technique

[0002] In recent years, web applications are used for various services and are becoming part of the foundation of society. At the same time, attacks that maliciously exploit the vulnerabilities of web applications have also increased. If content falsification or information leakage occurs due to such an attack, it will cause great damage to the service provider, so it is necessary to detect the attack.

[0003] In order to detect an attack on a web application, a technique is known that correlates a plurality of events of different types, such as an HTTP request event that occurs in the same web server, with other events. For example, HTTP requests and FireWall logs are compared, and events whose occurrence times are relatively recent are associated as related events (see Non-Patent Document 1).

[0004] prior art literature [000...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F11/30, G06F11/34
CPC: G06F11/30, G06F11/34, G06F21/552, H04L63/1416, H04L63/1425, H04L63/1441, G06F21/55, H04L43/04
Inventor: 钟扬朝仓浩志谷川真树
Owner: NIPPON TELEGRAPH & TELEPHONE CORP