-
Publication No.: US11244048B2
Publication date: 2022-02-08
Application No.: US16489355
Filing date: 2018-02-19
Inventors: Shingo Orihara, Tohru Sato, Yohsuke Shimada, Yuta Iwaki, Yang Zhong
Abstract: An attack pattern extraction device includes an extraction unit and an attack pattern generation unit. The extraction unit extracts a common character string of parameters included in an access log of communication that is determined as an attack. The attack pattern generation unit generates an attack pattern on the basis of a character string with a string length being equal to or longer than a predetermined length among extracted consecutive character strings.
-
Publication No.: US11563717B2
Publication date: 2023-01-24
Application No.: US15734233
Filing date: 2019-04-15
Inventors: Kunio Miyamoto, Shingo Orihara, Yuta Iwaki, Yo Kanemoto, Yuichi Murata
IPC classification: H04L9/40
Abstract: A generation method includes identifying, as paths that are abstraction candidates, dynamically generated paths among paths in a profile that is used to determine whether each request to a server is an attack, and counting numbers of path variations corresponding to the respective paths that are abstraction candidates, and abstracting paths contained in the profile when a number of variations counted at the counting satisfies a certain condition, by processing circuitry.
-
Publication No.: US11470097B2
Publication date: 2022-10-11
Application No.: US16490352
Filing date: 2018-02-16
Inventors: Shingo Orihara, Tohru Sato, Yohsuke Shimada, Yang Zhong, Yuta Iwaki
Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.
-
Publication No.: US12028352B2
Publication date: 2024-07-02
Application No.: US17056432
Filing date: 2019-04-16
Inventors: Yuta Iwaki, Shingo Orihara, Kunio Miyamoto, Yo Kanemoto, Yuichi Murata
CPC classification: H04L63/1416, G06N20/00
Abstract: A learning device generates a character class series abstracting a structure of a predetermined character string included in each of requests to the server which have been generated in a predetermined period. Also, for each of the combinations of the predetermined identification information and the character class series included in the requests, the learning device calculates a score for update which becomes higher as the number of times of appearance of the combination is increased and becomes higher as the appearance of the combination is continued. Based on the score for update, the learning device updates the profile of each combination for determining whether the request is an attack or not.
-
Publication No.: US11868853B2
Publication date: 2024-01-09
Application No.: US16078067
Filing date: 2017-01-19
Inventors: Shingo Orihara, Masaki Tanikawa, Tohru Sato, Yuta Iwaki
CPC classification: G06N20/00, G06F16/285, G06F21/316, G06F21/552, G06N5/045
Abstract: An input unit receives an input of data, as learning purpose data and determination target data, in which requests made to a server by a user are represented in a time series. Then, a shaping unit shapes the received data. A classifying unit classifies the shaped data for each user who made the requests. Then, a learning unit extracts, from the classified learning purpose data, consecutive n requests as feature values of the learning purpose data, performs learning by using the feature values of the learning purpose data, and creates a profile for each user. A determination unit extracts, from the classified determination target data, consecutive n requests as feature values of the determination target data and performs determination of the determination target data based on the feature values of the determination target data and based on the profiles created by the learning unit.
-
Publication No.: US11233809B2
Publication date: 2022-01-25
Application No.: US16487834
Filing date: 2018-02-20
Inventors: Yuta Iwaki, Shingo Orihara, Yang Zhong, Tohru Sato, Yohsuke Shimada
Abstract: An extraction unit extracts a specific request from among requests that do not match with a profile on the basis of a similarity to a request to a server, where the profile determines whether the request is an attack. Further, a determination unit determines whether the specific request extracted by the extraction unit meets a predetermined condition indicating that the specific request is continuously transmitted from a certain number or more of transmission sources. Furthermore, a control unit relearns the profile if the determination unit determines that the specific request meets the predetermined condition.