Abstract: A light emission material includes a first compound satisfying Equation 1: K2?0.1K1.??Equation 1 In Equation 1, K1 is a sum of radiationless transition rate due to internal conversion from a certain specific n-th triplet excitation state to a lower order triplet excitation state including the lowest triplet excitation state, K2 is a reverse intersystem crossing transition rate from the certain specific n-th triplet excitation state to a singlet excitation state which is adjacent to the n-th triplet excitation state, and n is an integer of 2 or more. An organic electroluminescence device including the light emission material may simultaneously attain high emission efficiency and roll-off reduction.

Abstract: A light emission material includes a first compound satisfying Equation 1: K ? 2 ? 0.1 K 1. Equation ? 1 In Equation 1, K1 is a sum of radiationless transition rate due to internal conversion from a certain specific n-th triplet excitation state to a lower order triplet excitation state including the lowest triplet excitation state, K2 is a reverse intersystem crossing transition rate from the certain specific n-th triplet excitation state to a singlet excitation state which is adjacent to the n-th triplet excitation state, and n is an integer of 2 or more. An organic electroluminescence device including the light emission material may simultaneously attain high emission efficiency and roll-off reduction.

Abstract: A log analysis apparatus extracts a parameter from an access log under analysis, acquires a similarity by comparing the parameter with the parameter included in the profile stored in a profile storage unit, and determines an access in the access log under analysis as an attack when the similarity is lower than a threshold. The log analysis apparatus takes a tally of the number of different requesting user terminals, for each parameter, among the access logs under analysis including a parameter not found in the profile, or having a similarity lower than the threshold, and determines, when there is any parameter for which the number of such different user terminals is equal to or higher than a threshold, to re-learn the parameter.

Abstract: An input unit receives an input of data, as learning purpose data and determination target data, in which requests made to a server by a user are represented in a time series. Then, a shaping unit shapes the received data. A classifying unit classifies the shaped data for each user who made the requests. Then, a learning unit extracts, from the classified learning purpose data, consecutive n requests as feature values of the learning purpose data, performs learning by using the feature values of the learning purpose data, and creates a profile for each user. A determination unit extracts, from the classified determination target data, consecutive n requests as feature values of the determination target data and performs determination of the determination target data based on the feature values of the determination target data and based on the profiles created by the learning unit.

Abstract: A request control device, when receiving a request issued from a client to a Web system, causes a sandbox in which an environment of the Web system is reproduced to inspect the request. The request control device transfers the request to the Web system if an inspection result of the request in the sandbox does not indicate detection of an attack. The request control device does not transfer the request to the Web system if the inspection result of the request indicates detection of an attack.

Abstract: A polycyclic compound is represented by Formula 1: where X1, R1 to R11, L1, L2, and n1 to n4 are further defined. An organic electroluminescence device includes the polycyclic compound.

Abstract: A determination apparatus includes a keyword extraction unit that extracts keywords characterizing a vulnerability from known vulnerability information, and a 0-day attack determination unit that compares the keywords characterizing the vulnerability and keywords included in a request used for an attack, and when a value of a score indicating a degree of inclusion of same keywords as the keywords characterizing the vulnerability in the request is smaller than a predetermined threshold, determines that the request is a 0-day attack that is neither a known attack nor an attack similar to the known attack.

Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.

Abstract: An attack pattern extraction device includes an extraction unit and an attack pattern generation unit. The extraction unit extracts a common character string of parameters included in an access log of communication that is determined as an attack. The attack pattern generation unit generates an attack pattern on the basis of a character string with a string length being equal to or longer than a predetermined length among extracted consecutive character strings.

Abstract: An extraction unit-extracts a specific request from among requests that do not match with a profile on the basis of a similarity to a request to a server, where the profile determines whether the request is an attack. Further, a determination unit determines whether the specific request extracted by the extraction unit meets a predetermined condition indicating that the specific request is continuously transmitted from a certain number or more of transmission sources. Furthermore, a control unit relearns the profile if the determination unit determines that the specific request meets the predetermined condition.

Abstract: A request control device, when receiving a request issued from a client to a Web system, causes a sandbox in which an environment of the Web system is reproduced to inspect the request. The request control device transfers the request to the Web system if an inspection result of the request in the sandbox does not indicate detection of an attack. The request control device does not transfer the request to the Web system if the inspection result of the request indicates detection of an attack.

Abstract: A playback device reads a traffic file which is a dump file of traffic when malicious or benign traffic is generated and generates traffic based on the traffic file on a network having a security instrument that generates an event in accordance with the traffic. In addition, a determination device collects an event generated by the security instrument for the generated traffic and, on the basis of a feature extracted from the collected event, determines whether the event to be determined is for malicious traffic or benign traffic.

Abstract: In a security information management device (10), security information, which is information related to security, is collected. The security information management device (10) extracts, by referring to a security dictionary storing therein a keyword related to security for each attribute, a keyword from referrer security information that becomes a source to be compared with security information for relevance thereto, and calculates, by comparing the extracted keyword with a keyword included in the collected security information, relevance between the referrer security information and the security information. The security information management device (10) then output security information having higher calculated relevance more preferentially.

Abstract: An extraction unit-extracts a specific request from among requests that do not match with a profile on the basis of a similarity to a request to a server, where the profile determines whether the request is an attack. Further, a determination unit determines whether the specific request extracted by the extraction unit meets a predetermined condition indicating that the specific request is continuously transmitted from a certain number or more of transmission sources. Furthermore, a control unit relearns the profile if the determination unit determines that the specific request meets the predetermined condition.

Abstract: A traffic feature information extraction method including a regular expression process, a clustering process, and a feature information extraction process. The regular expression process extracts an item set in advance from a traffic log and represents a partial character string included in the item in a regular expression based on a predetermined rule. The clustering process clusters an entry of the traffic log represented in the regular expression. The feature information extraction process extracts, as traffic feature information of each of clusters, an entry having a minimum total sum of distances among entries included in the clustered traffic logs.

Abstract: A playback device reads a traffic file which is a dump file of traffic when malicious or benign traffic is generated and generates traffic based on the traffic file on a network having a security instrument that generates an event in accordance with the traffic. In addition, a determination device collects an event generated by the security instrument for the generated traffic and. on the basis of a feature extracted from the collected event, determines whether the event to be determined is for malicious traffic or benign traffic.

Abstract: A global profile generation unit acquires a profile including, as an entry, information on parameter values for a combination of path parts and parameter names included in a normal HTTP request to a web server. When entries, in which the path parts are different but the parameter names are the same, are present in the acquired profile, the global profile generation unit generates a global profile in which the entries of the parameter names are aggregated in the acquired profile.

Abstract: A blacklist generating device acquires a malicious communication log and a normal communication log. A malicious communication profile extracting function calculates statistics on communication patterns included in the malicious communication log and outputs a communication pattern satisfying a certain condition to a potential blacklist. A normal communication profile extracting function calculates statistics on communication patterns included in the normal communication log and outputs a communication pattern satisfying a certain condition to a whitelist. A blacklist creating function searches the potential blacklist for a value with the value on the whitelist, excludes a coincident communication pattern from the potential blacklist, and creates a blacklist.

Abstract: A log analysis apparatus (10) extracts a parameter from an access log pertaining to a request issued from a user terminal to a server, learns the appearance frequency of the parameter, and stores the learning result in a profile storage unit (14a) as a profile. The log analysis apparatus (10) extracts a parameter from an access log under analysis, acquires a similarity by comparing the parameter with the parameter included in the profile stored in the profile storage unit (14a), and determines an access in the access log under analysis as an attack when the similarity is lower than a threshold. The log analysis apparatus (10) takes a tally of the number of different requesting user terminals, for each parameter, among the access logs under analysis including a parameter not found in the profile, or having a similarity lower than the threshold, and determines, when there is any parameter for which the number of such different user terminals is equal to or higher than a threshold, to re-learn the parameter.

Abstract: An attack pattern extraction device includes an extraction unit and an attack pattern generation unit. The extraction unit extracts a common character string of parameters included in an access log of communication that is determined as an attack. The attack pattern generation unit generates an attack pattern on the basis of a character string with a string length being equal to or longer than a predetermined length among extracted consecutive character strings.