Abstract: A malicious access-detecting apparatus which is cable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of the each derived malicious apparatus group.

Abstract: The system includes the monitor agent that analyzes log of an entity. When an abnormality is detected, the monitor agent notifies about the abnormality to the control manager. The control manager decides a countermeasure and a countermeasure request party from the database and informs them to the action agent which the countermeasure request party. The action agent implements the countermeasure.

Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.

Abstract: A malicious access-detecting apparatus which is cable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of the each derived malicious apparatus group.

Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.

Abstract: A filtering apparatus includes an illegal request DB (database) which stores patterns of illegal accesses to a Web server, an estimation section which estimates the legality of an access request from a client device based on the illegal access patterns stored in the illegal request DB and on a predetermined estimation rule, and a determination section which determines whether the access request is to be transmitted to the Web server based on an estimation result of the estimation section and on a predetermined determination rule.

Abstract: The filtering system includes the incorrect request database that stores patterns of incorrect accesses to the Web server. The estimation unit that estimates the correctness of an access request from a client device based on the patterns stored in the incorrect request database and a predetermined estimation rule. The decision unit decides whether the access request is to be passed to the Web server based on the result of estimation by the estimation unit and a predetermined decision rule.

Abstract: The system includes the monitor agent that analyzes log of an entity. When an abnormality is detected, the monitor agent notifies about the abnormality to the control manager. The control manager decides a countermeasure and a countermeasure request party from the database and informs them to the action agent which the countermeasure request party. The action agent implements the countermeasure.