Abstract: According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, comprises the steps of: extracting type information identifying type of software conveyed by a packet and destination information identifying destination of the packet transmitted from one of the first devices; counting the number of kinds of the type information extracted from packets associated with the same destination information, respectively; and determining an unauthorized communication when the number of kinds of the type information is less than a predetermined value.

Abstract: An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

Abstract: A communication detection method in which, based on a sender and a destination of communication data recorded in a communication log that records information concerning communication data exchanged between devices linked to a network, the communication log is divided into parts corresponding to individual object devices. The communication logs divided corresponding to the individual devices are analyzed so that the communication data in which a connection request to each device has been issued is extracted, and then a response success/failure table is generated based on whether a response from the device to the connection request has been detected; and based on the response success/failure table, when a time period that no response is obtained from the device satisfies a criterion condition determined in advance, it is determined that peer-to-peer communication has been performed.

Abstract: According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, the method comprises the steps of: extracting encryption information identifying method of encryption conveyed by a packet and destination information identifying destination of the packet transmitted from one of the first devices; counting the number of kinds of the destination information extracted from packets associated with the same encryption information, respectively; and determining an unauthorized communication when the number of kinds of the encryption information is less than a predetermined value.

Abstract: A communication monitoring apparatus includes a session extracting unit which extracts a packet in a session established between a pair of a transmitting device and a receiving device from a plurality of packets, a lead-packet extracting unit which extracts a lead packet including control information on communication between the transmitting device and the receiving device from the packet, a storage unit in which an unauthorized signature is stored, a verification unit which performs verification between the lead packet and the unauthorized signature, and an output unit which supplies a monitoring result indicating that the session extracted by the session extracting unit is an unauthorized communication when the lead packet includes a portion matched with the unauthorized signature.

Abstract: An electronic mail management system for managing electronic mail includes an obtaining unit, an assigning unit and a memory. The obtaining unit obtains electronic mail whenever the electronic mail is sent or received. The assigning unit assigns at least one serial number to the electronic mail obtained by the obtaining unit. Each assigned serial number is a number from a sequence of numbers associated with at least one mail address included in the obtained electronic mail. The memory stores the obtained electronic mail in connection with the at least one assigned serial number.

Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

Abstract: According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, comprises the steps of: extracting type information identifying type of software conveyed by a packet and destination information identifying destination of the packet transmitted from one of the first devices; counting the number of kinds of the type information extracted from packets associated with the same destination information, respectively; and determining an unauthorized communication when the number of kinds of the type information is less than a predetermined value.

Abstract: According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, the method comprises the steps of: extracting encryption information identifying method of encryption conveyed by a packet and destination information identifying destination of the packet transmitted from one of the first devices; counting the number of kinds of the destination information extracted from packets associated with the same encryption information, respectively; and determining an unauthorized communication when the number of kinds of the encryption information is less than a predetermined value.

Abstract: An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

Abstract: The security information mediation apparatus comprises security information registering unit which registers security information supplied by a client of a user, a transfer unit which transfers the security information registered in the security information registering unit to a client of a program developer. This client judges the usefulness of the security information and outputs reply information when the security information is useful. A reply information registering unit receives the reply information and payment information that indicates payment of the information presentation fee of the corresponding security information from the developer client. A transfer unit transfers the reply information and payment information to the client of the user.

Abstract: In a network relay device, unauthorized access from an internal computer to an external network is detected, an unauthorized destination service port used for the unauthorized access is specified, and a substitute port is allocated. A service relay unit and the internal computer are instructed to use the substitute port instead of the unauthorized destination service port, and an unauthorized access notification is sent. Mutual conversion of the unauthorized destination service port and a substitute service port is carried out, to relay a packet between an internal network and the external network.

Abstract: A computer-readable recording medium recording a worm detection parameter setting program for setting an appropriate worm detection parameter for target environments. When a log reader loads a communication log created within a prescribed time period, a log classifier classifies the entries of the communication log into categories based on communication contents. A frequency distribution creator analyzes the entries of a category, counts the number of appearance of each worm detection parameter value for each object of a preset network unit, and creates frequency distribution information. A threshold derivation unit analyzes the frequency distribution information and derives a threshold value that is used for determining whether a worm is propagating. An output unit outputs to an output device the threshold value for the worm detection parameter for the category, together with the frequency distribution information created by the frequency distribution creator, thereby providing a user with the information.

Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

Abstract: A computer-readable recording medium having recorded a worm determination program capable of reliably determining a worm-infected communication. A worm determination apparatus for executing the program includes a plurality of physical ports functioning as network connection ports, a communication-information-acquisition unit, and a worm determination unit. The communication-information-acquisition unit acquires information about a packet type, classified according to a transmission-source address. The worm determination unit determines whether a communication is performed by a worm, based on the information about the packet type, classified according to the transmission-source address, acquired by the communication-information-acquisition unit and a determination criterion used for determining whether a communication is performed by a worm.

Abstract: A computer-readable recording medium recording a worm detection program which is preferably usable for a large-scale network and is capable of detecting worm communication with little information. A worm detection device which runs this program has a switching hub function, and comprises five physical ports that are network interfaces, a communication acquisition section, and a worm detector, for example. The communication acquisition section acquires ICMP type3 (destination unreachable message) packets going out of the physical ports. The worm detector determines whether the packet communication is worm communication, based on information on the ICMP type3 packets obtained for each source MAC address by the communication acquisition section and worm criteria set for determining whether communication is worm communication.

Abstract: The digital signatures of users A and B are created for a transaction document which states the contents of a transaction between the users A and B, and they are sent to a transaction proof device of a notary public being a third party, together with the transaction document. Thus, the users A and B and the notary public share information, and the notary public can objectively prove the transactional contents, etc.

Abstract: The security information mediation apparatus comprises security information registering unit which registers security information supplied by a client of a user, a transfer unit which transfers the security information registered in the security information registering unit to a client of a program developer. This client judges the usefulness of the security information and outputs reply information when the security information is useful. A reply information registering unit receives the reply information and payment information that indicates payment of the information presentation fee of the corresponding security information from the developer client. A transfer unit transfers the reply information and payment information to the client of the user.

Abstract: In an authentication system for companies, a server appends suitable verification data to an electronic document to be circulated through terminal units for persons in charge. Each terminal is allocated a unique function in advance and applies it to the verification data in turn when receiving the document. Upon receipt of the document that has been circulated through the persons in charge, the server examines the function-applied value appended to the document to determine whether the document has been circulated correctly through the persons in charge, or via the correct route.

Abstract: When a client sends an RPC request that requests a server for a service, the client adds identification information to the RPC request. When an active server receives an RPC request, it stores the identification information thereof in a stable area that is not destroyed even if a defect takes place in the client or the server, and executes the requested service. When a defect takes place in the active server, the backup server takes over the process of the active server. A PALIB of the backup server compares the identification information of the RPC request re-sent from the client with the identification information in the stable area. When they match, the PALIB determines that the RPC request is redundant. The backup server performs a redundant process and sends back the correct result to the client.