INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE MEDIUM

    Publication No.: US20210224397A1

    Publication date: 2021-07-22

    Application No.: US17199894

    Filing date: 2021-03-12

    IPC classification: G06F21/57

    Abstract: An evaluation tree generation unit (101) generates as an evaluation tree, an attack tree about an information system, which is based on inference using predicate logic. A gold tree generation unit (102) generates a gold tree which covers an intrusion route to the information system and reflects an intrusion procedure for the information system, by using network configuration information indicating a network configuration of the information system and intrusion procedure information indicating an intrusion procedure assumed in intrusion into the information system. A tree comparison unit (103) compares the evaluation tree with the gold tree.

    ATTACK SCENARIO GENERATION APPARATUS, ATTACK SCENARIO GENERATION METHOD, AND COMPUTER READABLE MEDIUM

    Publication No.: US20240202345A1

    Publication date: 2024-06-20

    Application No.: US18408699

    Filing date: 2024-01-10

    IPC classification: G06F21/57

    CPC classification: G06F21/577 G06F2221/034

    Abstract: A diversion determination unit (110) compares a configurational element included in a system threat (21) with a configurational element included in a scenario threat (311) which is a threat corresponded to an analysis scenario (31), where one attack scenario among a plurality of attack scenarios is used as the analysis scenario (31). The diversion determination unit (110) determines based on a comparison result, whether or not the analysis scenario (31) can be diverted to the attack scenario indicating a process up to occurrence of the system threat (21). When it is determined that the analysis scenario (31) can be diverted, a scenario diversion unit (120) generates a new attack scenario (32) indicating the process up to the occurrence of the system threat (21), by diverting the analysis scenario (31).

    INFORMATION PROCESSING APPARATUS
    Invention application

    Publication No.: US20200320191A1

    Publication date: 2020-10-08

    Application No.: US16464162

    Filing date: 2017-01-18

    IPC classification: G06F21/55

    Abstract: A measure point extracting unit (203) extracts, from attack route information in which a threat and a plurality of attack routes each including one or more attack actions and being procedures for generating the threat are described, a plurality of combinations of attack actions to be addressed in order to inhibit generation of the threat. An objective-function deriving unit (204) acquires one or more measure candidates and a usability level of each of the measure candidates, for each of the attack actions included in the plurality of combinations of attack actions. The objective-function deriving unit (204) and an objective-function calculating unit (205) generate a plurality of combinations of measure candidates by allocating, for each of the combinations of attack actions, each of measure candidates to each of the attack actions included in the combination of attack actions, calculate, for each of the combinations of measure candidates, an evaluation value, on the basis of the usability level of each of the measure candidates included in the combination of the measure candidates and an importance level of an attack route including an attack action to which each of the measure candidates included in the combination of measure candidates is allocated, and specify a combination of measure candidates to be applied, for each of the combinations of attack actions, on the basis of the evaluation values.

    FALSE SUBMISSION FILTER DEVICE, FALSE SUBMISSION FILTER SYSTEM, FALSE SUBMISSION FILTER METHOD, AND COMPUTER READABLE MEDIUM

    Publication No.: US20210365431A1

    Publication date: 2021-11-25

    Application No.: US16603138

    Filing date: 2017-05-25

    IPC classification: G06F16/23 G06F16/9537

    Abstract: In an SNS server (103) corresponding to a false submission filter device, an event specifying unit (604) analyzes contents of a submission informing of an occurrence of an event and specifies a location (721) of occurrence of the event. A query destination specifying unit (605) searches a query destination database (613) and specifies a query destination corresponding to the location (721) specified by the event specifying unit (604). A query unit (606) transmits a request for checking the presence or absence of occurrence of the event from the observation result of one or more machines to the query destination specified by the query destination specifying unit (605). The query unit (606) receives a response to the request. A result reflecting unit (607) determines whether the contents of the submission are true or false from a check result indicated by the response received by the query unit (606). The result reflecting unit (607) performs a process in accordance with a determination result on the submission.

    ATTACK TREE GENERATION DEVICE, ATTACK TREE GENERATION METHOD, AND COMPUTER READABLE MEDIUM

    Publication No.: US20210248231A1

    Publication date: 2021-08-12

    Application No.: US17244515

    Filing date: 2021-04-29

    IPC classification: G06F21/55

    Abstract: A system dividing unit (110) divides a target system into a plurality of sub-systems. A root system selection unit (122) selects a sub-system in which a threat on security occurs, as a root system from among the plurality of sub-systems. A root tree generation unit (131) generates an attack tree of the root system, as a root tree. A descendant system selection unit (132) selects one sub-system or more located on an intrusion course to the root system, as one descendent system or more from among the plurality of sub-systems. A descendant tree generation unit (133) generates one attack tree or more corresponding to the one descendent system or more, as one descendent tree or more. A sub-attack tree integration unit (140) integrates the root tree and the one descendent tree or more, to thereby generate an attack tree of the target system.

    INPUT ERROR DETECTION DEVICE, INPUT ERROR DETECTION METHOD, AND COMPUTER READABLE MEDIUM

    Publication No.: US20210049322A1

    Publication date: 2021-02-18

    Application No.: US17071038

    Filing date: 2020-10-15

    Abstract: In an input error detection device (100), a selection unit (108) selects a group of words that appear common to a system specification document (117) describing a specification of an information system in a natural language, and an analysis object document (116) describing at least either one of analysis device input information (111) being input information to an analysis device that analyzes the information system, and analysis device output information (112) being output information from the analysis device, in a natural language. A learning unit (109) learns a meaning of an individual word in each of the system specification document (117) and the analysis object document (116), wherein the individual word belongs to the group of words selected by the selection unit (108). A detection unit (110) detects a change, between the system specification document (117) and the analysis object document (116), in meaning learned by the learning unit (109), so as to identify a word error being included in the analysis object document (116) and resulting from an input error of the analysis device input information (111).