Abstract: Pharmaceutical preparations, Chinese herbal preparations, foods, and other compositions may contain, as an active ingredient, an ephedra extract, an ephedrine-alkaloid-free ephedra extract, or a polymercondensed tannin derived from an ephedra extract. Such compositions may be useful for preventing or treating COVID-19 infection (COVID-19). Such compositions are preferably provided in an orally ingestible form.

Abstract: A detection apparatus extracts an account and a source address of the account from authentication information obtained from an authentication apparatus configured to perform user authentication, groups accounts for each of time slots at predetermined time intervals and each of source addresses in accordance with a timestamp and the source address of the account, and extracts an account group from which duplication of an identical account in an identical group has been excluded. Subsequently, the detection apparatus calculates the number of duplicate accounts among the extracted account groups. The detection apparatus determines that an identical source address is an address of an attacker in a case where the number of account groups of the identical source address in which the number of calculated accounts exceeds a first threshold exceeds a second threshold.

Abstract: A user estimator includes an extractor extracting at least either order of page transitions on a website by a user or a time interval of transition to each page, as a feature amount of page browsing by the user, from data to be learned and representing a request by the user to the website, and extracting at least either order of page transitions on the website or a time interval of transition to each page, as a feature amount of page browsing by any user, from data to be estimated and representing requests by the users to the website, a learning unit creating a model indicating a feature of page browsing for each user, by learning the extracted feature amount, to be learned, of page browsing by each user, and an estimation unit referring to the feature amount, to be estimated, and the model, and estimating the user among users.

Abstract: In a security information management device (10), security information, which is information related to security, is collected. The security information management device (10) extracts, by referring to a security dictionary storing therein a keyword related to security for each attribute, a keyword from referrer security information that becomes a source to be compared with security information for relevance thereto, and calculates, by comparing the extracted keyword with a keyword included in the collected security information, relevance between the referrer security information and the security information. The security information management device (10) then output security information having higher calculated relevance more preferentially.

Abstract: In order to detect an attack to a web application accurately by accurately correlating different types of events having occurred in the same server, an event acquiring unit acquires a log of events containing a HTTP request to a server, an event correlator creates a set of the request and events relevant to the request as an event block by using process IDs of processes having processed events contained in the log, and an attack detector contrasts the event block that is created from the log of events in which an attack is to be detected with an event block that is created from normal events to calculate a degree of similarity and, when the degree of similarity is equal to or lower than a threshold, detects the event block as an event block containing an event that is abnormal due to an attack.

Abstract: A malware determination device, in which, upon input of an attribute name and an attribute value of an attribute of an executable file, a feature-selection setting unit registers the attribute with the attribute name in an attribute table as an attribute to be extracted, and registers the attribute value as an attribute value to be deleted in an attribute value table. Upon input of an executable file to be learned or to be determined, a feature extraction unit extracts an attribute value of an attribute registered as an attribute to be extracted in the attribute table from the executable file, to generate a feature vector including the extracted attribute value as a feature. A feature selection unit performs deletion of an attribute value registered as an attribute value to be deleted in the attribute value table from the feature vector.

Abstract: An analysis apparatus analyzes access logs including authentication results and authentication information of users, and includes: a calculation unit that calculates a similarity between pieces of authentication information in two consecutive access logs when access logs of the same access source, from the access logs, are chronologically arranged, and presumes that a piece of authentication information of the access logs of the user has been input by a human if the calculated similarity is equal to or greater than a predetermined value; and a risk determination unit that determines that there is a possibility that the access source in the access logs is being an attack source if an authentication result of any of the two access logs is authentication failure and the calculation unit presumes that any piece of authentication information of the two access logs has not been input by a human.

Abstract: A device including: a parameter extracting unit that extracts each parameter from an access request, a character-string class converting unit that, with regard to each parameter, compares each part of a parameter value with a previously defined character string class, replaces the part with a longest matching character string class, and conducting conversion for a class sequence that is sequentially arranged in order of replacement, a profile storing unit that stores, as a profile in a storage unit, a class sequence with the appearance frequency of equal to or more than a predetermined value in the above-described group of class sequences with regard to the access request of the normal data as learning data, and a failure detecting unit that determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile with regard to the access request.

Abstract: A detection apparatus extracts an account and a source address of the account from authentication information obtained from an authentication apparatus configured to perform user authentication, groups accounts for each of time slots at predetermined time intervals and each of source addresses in accordance with a timestamp and the source address of the account, and extracts an account group from which duplication of an identical account in an identical group has been excluded. Subsequently, the detection apparatus calculates the number of duplicate accounts among the extracted account groups. The detection apparatus determines that an identical source address is an address of an attacker in a case where the number of account groups of the identical source address in which the number of calculated accounts exceeds a first threshold exceeds a second threshold.

Abstract: A user estimation apparatus according to the present invention includes an extraction unit (11) that extracts at least either order of page transitions on a website by a user or a time interval of a transition to each page, as a feature amount of page browsing by the user, from data which is to be learned and represents a request by the user to the website, and the extraction unit extracts at least either order of page transitions on the website or a time interval of a transition to each page, as a feature amount of page browsing by any user, from data which is to be estimated and represents requests by the users to the website, a learning unit (12) that creates a model indicating a feature of page browsing for each user, by learning the extracted feature amount, which is to be learned, of page browsing by each user, and an estimation unit (14) that refers to the feature amount, which is to be estimated, of page browsing by the user, and the model, and estimates who the user is among users.

Abstract: In order to detect an attack to a web application accurately by accurately correlating different types of events having occurred in the same server, an event acquiring unit acquires a log of events containing a HTTP request to a server, an event correlator creates a set of the request and events relevant to the request as an event block by using process IDs of processes having processed events contained in the log, and an attack detector contrasts the event block that is created from the log of events in which an attack is to be detected with an event block that is created from normal events to calculate a degree of similarity and, when the degree of similarity is equal to or lower than a threshold, detects the event block as an event block containing an event that is abnormal due to an attack.

Abstract: An analysis apparatus analyzes access logs including authentication results and authentication information of users, and includes: a calculation unit that calculates a similarity between pieces of authentication information in two consecutive access logs when access logs of the same access source, from the access logs, are chronologically arranged, and presumes that a piece of authentication information of the access logs of the user has been input by a human if the calculated similarity is equal to or greater than a predetermined value; and a risk determination unit that determines that there is a possibility that the access source in the access logs is being an attack source if an authentication result of any of the two access logs is authentication failure and the calculation unit presumes that any piece of authentication information of the two access logs has not been input by a human.

Abstract: A device including: a parameter extracting unit that extracts each parameter from an access request, a character-string class converting unit that, with regard to each parameter, compares each part of a parameter value with a previously defined character string class, replaces the part with a longest matching character string class, and conducting conversion for a class sequence that is sequentially arranged in order of replacement, a profile storing unit that stores, as a profile in a storage unit, a class sequence with the appearance frequency of equal to or more than a predetermined value in the above-described group of class sequences with regard to the access request of the normal data as learning data, and a failure detecting unit that determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile with regard to the access request.

Abstract: A malware determination device, in which, upon input of an attribute name and an attribute value of an attribute of an executable file, a feature-selection setting unit registers the attribute with the attribute name in an attribute table as an attribute to be extracted, and registers the attribute value as an attribute value to be deleted in an attribute value table. Upon input of an executable file to be learned or to be determined, a feature extraction unit extracts an attribute value of an attribute registered as an attribute to be extracted in the attribute table from the executable file, to generate a feature vector including the extracted attribute value as a feature. A feature selection unit performs deletion of an attribute value registered as an attribute value to be deleted in the attribute value table from the feature vector.

Abstract: In an information management device, plural sets of document data on a network are collected. Subsequently, in the information management device, by use of words included in the respective sets of document data collected, the respective sets of document data are classified into predetermined fields, and tag information corresponding to the fields are respectively added to the sets of document data. In the information management device, a specification of a field of document data to be searched is then received. Subsequently, in the information management device, document data added with tag information corresponding to the received field are searched.

Abstract: In a security information management device, security information, which is information related to security, is collected. The security information management device extracts, by referring to a security dictionary storing therein a keyword related to security for each attribute, a keyword from referer security information that becomes a source to be compared with security information for relevance thereto, and calculates, by comparing the extracted keyword with a keyword included in the collected security information, relevance between the referer security information and the security information. The security information management device then output security information having higher calculated relevance more preferentially.

Abstract: So as to provide a latent heat recovery-type water heater capable of certainly preventing drain generated by heat exchange from being discharged out of an exhaust portion through an outlet with entrained by a flow of combustion gas, an exhaust portion 9 is formed by an exhaust portion constituting-body 25 attached above a secondary heat exchanger 7. The exhaust portion 9 includes therewithin a deflector 26 and a distribution board 27 opposed to the deflector 26. The deflector 26 has a deflection board 30 extending substantially vertically downward from a top face 9a of the exhaust portion 9, so as to form a gap 35 between a lower end of the board 30 and a bottom face 9b of the exhaust portion 9. A flowing direction of combustion gas introduced into the exhaust portion 9 through an opening 21 of the bottom face 9b is deflected by passing through the gap 35, and the combustion gas flows toward the distribution board 27.

Abstract: A heating apparatus 1 includes a shell 2, a primary heat exchanger (sensible heat exchanger) 3, a burner (combustion means) 5, and a fan 6. A secondary heat exchanger (latent heat exchanger) 7 has a plurality of heat receiving tubes 18 arranged in parallel between a pair of headers 16 and 17, the heat receiving tubes 18 being fixed to tube plates 20. The heat receiving tubes 18 are bare tubes without fins and are arranged across flow of combustion gas. The number of the tubes 18 arranged vertically is less than the number of the tubes 18 arranged horizontally.

Abstract: So as to provide a latent heat recovery-type water heater capable of certainly preventing drain generated by heat exchange from being discharged out of an exhaust portion through an outlet with entrained by a flow of combustion gas, an exhaust portion 9 is formed by an exhaust portion constituting-body 25 attached above a secondary heat exchanger 7. The exhaust portion 9 includes therewithin a deflector 26 and a distribution board 27 opposed to the deflector 26. The deflector 26 has a deflection board 30 extending substantially vertically downward from a top face 9a of the exhaust portion 9, so as to form a gap 35 between a lower end of the board 30 and a bottom face 9b of the exhaust portion 9. A flowing direction of combustion gas introduced into the exhaust portion 9 through an opening 21 of the bottom face 9b is deflected by passing through the gap 35, and the combustion gas flows toward the distribution board 27.

Abstract: A secondary heat exchanger B for recovering latent heat from combustion gas includes water tubes 5 each of which is so inclined that a first end 50a is positioned lower than a second end 50b. Therefore, in draining water from each of the water tubes 5, water can be caused to flow smoothly into a water-inflow and hot-water-outflow header 6A connected to the first ends 50a. The secondary heat exchanger B includes a casing 7 which includes an upper wall 70a and a bottom wall 70b which are so inclined that the inner surfaces thereof extend generally in parallel with the water tubes 5, and the upper and the lower gaps 79a and 79b have constant widths s2 and s3. Therefore, the amount of heat recovery from the combustion gas passing through the gaps 79a and 79b can be increased.