Abstract: A method of network monitoring includes, acquiring a log including site information for identifying a web site that is previously accessed by an access source and content information for identifying a content that is requested by the access source, generating a first relationship information that includes site information for identifying the web site which provides the content, generating a second relationship information that includes content information for identifying another content that is requested by the access source requesting the content, generating a third relationship information that includes a second combination of the access source and the web site which provides both the content and the other content for the access source, and determining a group that includes the first combinations corresponding to the second combinations whose degree of similarity is no less than a threshold, based on the third relationship information.

Abstract: A method of network monitoring includes, acquiring a log including site information for identifying a web site that is previously accessed by an access source and content information for identifying a content that is requested by the access source, generating a first relationship information that includes site information for identifying the web site which provides the content, generating a second relationship information that includes content information for identifying another content that is requested by the access source requesting the content, generating a third relationship information that includes a second combination of the access source and the web site which provides both the content and the other content for the access source, and determining a group that includes the first combinations corresponding to the second combinations whose degree of similarity is no less than a threshold, based on the third relationship information.

Abstract: Each of ECUs counts the number of messages transmitted for each of CAN IDs. A transmission node that has transmitted a main message produces an MAC from a data field and the CAN ID in the main message and a counter value corresponding to the CAN ID, and transmits the MAC as an MAC message. A reception node that has received the main message produces an MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to the CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. By so doing, verification whether the main message is valid or not can be made. According to this configuration, message authentication by the MAC can be made without changing a CAN protocol.

Abstract: A cryptographic communication system constituted by a first communication device, and a second communication device that stores a master key serving as an encryption key, the cryptographic communication system being characterized in that said first communication device has a common key storing unit configured to store a key pair constituted by a first key serving as a common key used to communicate with said second communication device and a second key obtained by encrypting said first key by using said master key held by said second communication device, and also has a common key transmitting unit configured to transmit said second key to said second communication device, and said second communication device has common key obtaining unit configured to receive said second key and obtaining said first key by decrypting said received second key by using said master key.

Abstract: Each of ECUs counts the number of messages transmitted for each of CAN IDs. A transmission node that has transmitted a main message produces an MAC from a data field and the CAN ID in the main message and a counter value corresponding to the CAN ID, and transmits the MAC as an MAC message. A reception node that has received the main message produces an MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to the CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. By so doing, verification whether the main message is valid or not can be made. According to this configuration, message authentication by the MAC can be made without changing a CAN protocol.