Abstract: A generation device includes a memory, and processing circuitry coupled to the memory and configured to sense anomaly of a network based on information having a plurality of items related to communication in the network, identify a cause of anomaly corresponding to each piece of the information when anomaly is sensed, and generate, based on values of the items in the information and the cause of anomaly identified, a cause-of-anomaly pattern for each predetermined set of pieces of the information.

Abstract: An authentication and authorization system according to one embodiment includes: a plurality of devices that perform mutual authentication and authorization by an authentication protocol using ID-based encryption; and an authentication and authorization infrastructure that generates an ID and a private key used for the mutual authentication and authorization, in which the authentication and authorization infrastructure includes: an ID generation unit configured to generate an ID including at least an identifier of the device and information regarding the device; a generation unit configured to generate a private key of the device from the ID; and a distribution unit configured to distribute the ID and the private key to a device corresponding to the identifier included in the ID, and the device includes: a mutual authentication unit configured to perform mutual authentication with another device by using the ID and the private key of the own device; a verification unit configured to verify whether or not a pr

Abstract: An anomaly detection device is provided with a learning unit that generates a detection model using a communication log during normal operation of a communication apparatus as learning data and an anomaly detection unit that detects anomaly of the communication apparatus using the generated detection model. The anomaly detection device is further provided with a data acquisition unit that acquires a communication log (second communication log) generated during a predetermined period later than a first communication log and a determination unit that instructs relearning using the second communication log when there is difference information between the learning data (first communication log) of the current detection model and the second communication log and when the number of pieces of additional information (information on the additional flow) or the number of pieces of deletion information (information on the delete flow) included in the difference information satisfies predetermined evaluation criteria.

Abstract: A communication system including an operational network including a host and a learning and detection server, and a staging network including a host of the same type as the host, a test execution server, and a learning and detection server. The test execution server performs a communication test by transmitting test communication in a normal state to the host and receiving communication performed by the host. The learning and detection server learns the communication of the host, generates an initial model for detecting an anomalous communication of the host, and transmits the initial model to the learning and detection server. The learning and detection server learns the communication of the host and generates a model for detecting an anomalous communication of the host, while monitoring the communication of the host using the initial model received from the learning and detection server.

Abstract: An anomaly detection device includes a memory, and processing circuitry coupled to the memory and configured to acquire communication feature values of communication devices, calculate, for each transmission source MAC address included in the communication feature values acquired, a total value of the number of transmitted and received packets or a total value of the number of bytes, for each layer-2 switch connected to a corresponding communication device, and determine, for each transmission source MAC address, that a communication device corresponding to the transmission source MAC address is connected to a layer-2 switch whose total value of the number of transmitted and received packets or total value of the number of bytes calculated is the largest.

Abstract: A generation device includes a memory, and processing circuitry coupled to the memory and configured to sense anomaly of a network based on information having a plurality of items related to communication in the network, identify a cause of anomaly corresponding to each piece of the information when anomaly is sensed, and generate, based on values of the items in the information and the cause of anomaly identified, a cause-of-anomaly pattern for each predetermined set of pieces of the information.

Abstract: An anomaly detection device is provided with a learning unit that generates a detection model using a communication log during normal operation of a communication apparatus as learning data and an anomaly detection unit that detects anomaly of the communication apparatus using the generated detection model. The anomaly detection device is further provided with a data acquisition unit that acquires a communication log (second communication log) generated during a predetermined period later than a first communication log and a determination unit that instructs relearning using the second communication log when there is difference information between the learning data (first communication log) of the current detection model and the second communication log and when the number of pieces of additional information (information on the additional flow) or the number of pieces of deletion information (information on the delete flow) included in the difference information satisfies predetermined evaluation criteria.

Abstract: An anomaly detection device includes a memory, and processing circuitry coupled to the memory and configured to acquire communication feature values of communication devices, calculate, for each transmission source MAC address included in the communication feature values acquired, a total value of the number of transmitted and received packets or a total value of the number of bytes, for each layer-2 switch connected to a corresponding communication device, and determine, for each transmission source MAC address, that a communication device corresponding to the transmission source MAC address is connected to a layer-2 switch whose total value of the number of transmitted and received packets or total value of the number of bytes calculated is the largest.

Abstract: A communication system including an operational network including a host and a learning and detection server, and a staging network including a host of the same type as the host, a test execution server, and a learning and detection server. The test execution server performs a communication test by transmitting test communication in a normal state to the host and receiving communication performed by the host. The learning and detection server learns the communication of the host, generates an initial model for detecting an anomalous communication of the host, and transmits the initial model to the learning and detection server. The learning and detection server learns the communication of the host and generates a model for detecting an anomalous communication of the host, while monitoring the communication of the host using the initial model received from the learning and detection server.