Abstract: An unauthorized access prevention system that includes a search unit searching the flowing-in path of the unauthorized access to the services by a Web system disclosed by a user's ISP, a determination unit determining the place to implement a countermeasure for protecting the services from the unauthorized access based on the result of the search, and a notification unit notifying, according to a determination that that the countermeasure is implemented in the flow source that makes the unauthorized access flow into the user's communication network, the determination to the flow source.

Abstract: An unauthorized access prevention system includes a countermeasure method determination unit determining a method of taking countermeasures to protect a destination against unauthorized access based on a rate indicating a probability that predetermined traffic is unauthorized access. The rate is determined by calculating a number of times that the countermeasures were taken and subtracting a number of times that countermeasures were suspended, and dividing the resultant number of times that countermeasures were taken without suspension by the number of times that countermeasures were taken, for the predetermined traffic. The system also includes a storage device storing the number of times that countermeasures were taken and the number of times that countermeasures were taken without suspension. A countermeasure execution control unit controls when to take the countermeasures in the determined method.

Abstract: An electronic mail management system for managing electronic mail includes an obtaining unit, an assigning unit and a memory. The obtaining unit obtains electronic mail whenever the electronic mail is sent or received. The assigning unit assigns at least one serial number to the electronic mail obtained by the obtaining unit. Each assigned serial number is a number from a sequence of numbers associated with at least one mail address included in the obtained electronic mail. The memory stores the obtained electronic mail in connection with the at least one assigned serial number.

Abstract: A malicious access-detecting apparatus which is cable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of the each derived malicious apparatus group.

Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

Abstract: A security management apparatus is capable of taking various security measures while referencing machine information and hence excellent in flexibility and widely applicable. The apparatus includes a security diagnostic unit for making a security diagnosis on the basis of security information obtained from a security information providing apparatus for providing information concerning security in a network and further on the basis of machine information obtained from at least one network machine connected to a network to judge a type of security-related processing to be executed for the network machine and also judge whether or not the security-related processing needs to be executed. A security execution unit executes predetermined security measure processing for the network machine on the basis of a result of diagnosis made by the security diagnostic unit.

Abstract: A security management apparatus is capable of taking various security measures while referencing machine information and hence excellent in flexibility and widely applicable. The apparatus includes a security diagnostic unit for making a security diagnosis on the basis of security information obtained from a security information providing apparatus for providing information concerning security in a network and further on the basis of machine information obtained from at least one network machine connected to a network to judge a type of security-related processing to be executed for the network machine and also judge whether or not the security-related processing needs to be executed. A security execution unit executes predetermined security measure processing for the network machine on the basis of a result of diagnosis made by the security diagnostic unit.

Abstract: An anti-worm program allows a computer to execute control of communication suspected as worm communication, the program allowing the computer to execute: a communication information acquisition step that acquires communication information which is information concerning communication from a target source; and a communication control step that has a control amount calculation formula for calculating the control amount of the communication from the target source using the communication information and performs control of the communication from the target source based on the communication control amount obtained using the control amount calculation formula.

Abstract: In performing multi-pass printing by using a printhead having a plurality of nozzles, a scan duty setting unit sets a printing amount for each nozzle for each main scan of the printhead based on the scan duty setting LUT. A scan duty setting LUT changing unit updates an initial scan duty setting LUT based on the faulty nozzle information detected by a faulty nozzle detection unit. At this time, the scan duty setting LUT is updated such that the scan duty which should be distributed to a faulty nozzle is distributed to a plurality of other nozzles and neighboring nozzles which print the same main scanning line as that printed by the faulty nozzle.

Abstract: The system includes the monitor agent that analyzes log of an entity. When an abnormality is detected, the monitor agent notifies about the abnormality to the control manager. The control manager decides a countermeasure and a countermeasure request party from the database and informs them to the action agent which the countermeasure request party. The action agent implements the countermeasure.

Abstract: Method signatures included in an input program are detected. An access analyzer sequentially analyzes the method signatures and obtains a run-time access right list based on a rule. This rule specifies method signatures and the access rights which may possibly be included in the program so that the method signatures correspond to the access rights, respectively. A comparator compares the run-time access right list with the design-time access right list in width of restriction based on another rule. This rule specifies widths related to restrictions of the access rights which may possibly be included in the program.

Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.

Abstract: Disclosed is a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked. The program allows the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.

Abstract: The apparatus analyzes management information about network information collected from a computer and a router, detects a change in the management information specific to the activity of an unauthorized access program (worm), and generates alert information including a type of apparatus whose collected management information indicates the detected change and address information about an apparatus suspected of performing the activity of a worm. When the type of apparatus in the alert information refers to a computer, the apparatus generates an instruction to delete relayed information for the computer. When the type of apparatus refers to a network connection apparatus, the apparatus generates an instruction to set a filter for cutting off the communications of a worm with the network connection apparatus. Thus, the apparatus transmits the instructions.

Abstract: The security information mediation apparatus comprises security information registering unit which registers security information supplied by a client of a user, a transfer unit which transfers the security information registered in the security information registering unit to a client of a program developer. This client judges the usefulness of the security information and outputs reply information when the security information is useful. A reply information registering unit receives the reply information and payment information that indicates payment of the information presentation fee of the corresponding security information from the developer client. A transfer unit transfers the reply information and payment information to the client of the user.

Abstract: In a network relay device, unauthorized access from an internal computer to an external network is detected, an unauthorized destination service port used for the unauthorized access is specified, and a substitute port is allocated. A service relay unit and the internal computer are instructed to use the substitute port instead of the unauthorized destination service port, and an unauthorized access notification is sent. Mutual conversion of the unauthorized destination service port and a substitute service port is carried out, to relay a packet between an internal network and the external network.

Abstract: A computer-readable recording medium recording a worm detection parameter setting program for setting an appropriate worm detection parameter for target environments. When a log reader loads a communication log created within a prescribed time period, a log classifier classifies the entries of the communication log into categories based on communication contents. A frequency distribution creator analyzes the entries of a category, counts the number of appearance of each worm detection parameter value for each object of a preset network unit, and creates frequency distribution information. A threshold derivation unit analyzes the frequency distribution information and derives a threshold value that is used for determining whether a worm is propagating. An output unit outputs to an output device the threshold value for the worm detection parameter for the category, together with the frequency distribution information created by the frequency distribution creator, thereby providing a user with the information.

Abstract: A recording medium recording a network shutdown control program permitting suitable preventive measures to be taken. A detector monitors each network segment to be managed, and on detecting a communication fulfilling a predetermined condition, the detector generates a detection notification and sends the notification to a quarantine manager. On acquiring the detection notification generated by the detector of the local device or a detection notification generated by a remote network shutdown device, the quarantine manager generates a shutdown operation request in accordance with quarantine policy stored in a quarantine policy storage, and sends the request to a communication shutdown unit. In accordance with the shutdown operation request, the communication shutdown unit sets shutdown data identifying a target of shutdown and controls packets to be input to and output from the network segment so that the packets may be shut off or passed.

Abstract: A computer-readable recording medium having recorded a worm determination program capable of reliably determining a worm-infected communication. A worm determination apparatus for executing the program includes a plurality of physical ports functioning as network connection ports, a communication-information-acquisition unit, and a worm determination unit. The communication-information-acquisition unit acquires information about a packet type, classified according to a transmission-source address. The worm determination unit determines whether a communication is performed by a worm, based on the information about the packet type, classified according to the transmission-source address, acquired by the communication-information-acquisition unit and a determination criterion used for determining whether a communication is performed by a worm.

Abstract: A computer-readable recording medium recording a worm detection program which is preferably usable for a large-scale network and is capable of detecting worm communication with little information. A worm detection device which runs this program has a switching hub function, and comprises five physical ports that are network interfaces, a communication acquisition section, and a worm detector, for example. The communication acquisition section acquires ICMP type3 (destination unreachable message) packets going out of the physical ports. The worm detector determines whether the packet communication is worm communication, based on information on the ICMP type3 packets obtained for each source MAC address by the communication acquisition section and worm criteria set for determining whether communication is worm communication.