Title:
フロー解析装置、トラフィック解析システム、及びフロー解析方法
Document Type and Number:
Japanese Patent JP6581053
Kind Code:
B2
Abstract:
PROBLEM TO BE SOLVED: To detect a botnet communicating via a network in an early stage even if it is a large network.SOLUTION: A flow analysis device comprises: a packet collection part for receiving flow information from a transfer device configuring a service network; and a suspicious endpoint extraction part which extracts a destination endpoint of a flow group as a suspicious endpoint related to a botnet when it is detected that the number of origination types is the first threshold value or more in the flow group which has the same destination endpoint as the analysis target extracted from the flow information and that the amount of communication in the flow group is kept without exceeding the second threshold value.SELECTED DRAWING: Figure 1
Inventors:
Yuichi Nakatani
Application Number:
JP2016171301A
Publication Date:
September 25, 2019
Filing Date:
September 01, 2016
Export Citation:
Assignee:
Nippon Telegraph and Telephone Corporation
International Classes:
H04L12/70
Domestic Patent References:
| JP2014057307A | ||||
| JP2007082242A | ||||
| JP2005134974A |
Other References:
林 裕平 他,パケット連続到着時間を判定基準とした攻撃検知方式の評価,電子情報通信学会技術研究報告(信学技報),2016年 2月25日,第115巻、第488号,pp.53-58(ICSS2015-56)
Attorney, Agent or Firm:
Tadashige Ito
Tadahiko Ito
Ryuji Ishihara
Tadahiko Ito
Ryuji Ishihara