JP6199844B2 - Suspicious part estimation device and suspected part estimation method - Google Patents

Description

  The present invention relates to a suspected place estimation device and a suspected place estimation method.

  With the spread of smartphones and tablet terminals, various applications are provided on the mobile network via the Internet. Among them, the Web page is still at the center as an interface for various applications as well as browsing. Also, in recent years, the momentum of standardization of new web speed-up technologies such as HTTP 2.0 has been increased, and it can be seen from this point that web pages are important applications.

  On the other hand, the current network service is provided to end users across the facilities of various operators. Such a situation makes it difficult to isolate the cause when quality deterioration related to the display waiting time of the Web page occurs. For example, there are Web service providers, platform providers, telecommunications carriers, terminal manufacturers, and the like, and it is difficult for end users to appeal to appropriate providers when quality degradation occurs. In addition, it is difficult for the business operator who received the report to identify the cause of the quality deterioration.

  Conventionally, a plurality of techniques have been proposed for regular performance monitoring of the Web. For example, in Non-Patent Document 1, an increase in the specific gravity of terminal processing on the Web is recognized as an issue, log of browser terminal processing (rendering, scripting) and network processing is output, and display waiting is performed by a unique algorithm in the analysis server. The calculation of the ratio of the terminal processing time in the time and the display waiting time is realized. Furthermore, based on the ratio, the suspected place at the time of quality deterioration is realized. Further, in Non-Patent Document 2, estimation of a display waiting time at the time of browsing a Web page is realized by using the uplink and downlink traffic of a terminal at a predetermined time interval as an input.

Yamamoto, Nakamura, Honda, Ikegami, Takahashi: “Quality Factors for Browser-Based Applications”, IEICE Technical Report, CQ2012-20, vol.112, no.119, pp.17--22, 2012 Honda et al., “Estimation of Web Display Latency Based on Traffic Time Series”, IEICE Society Conference 2014

  However, in Non-Patent Document 2, the suspected part is not estimated. Further, in Non-Patent Document 1, regarding the estimation of a suspected place, in addition to being able to be divided only by two classifications on the terminal side and the network side, it is difficult to determine when both are suspected.

  The present invention has been made in view of the above points, and an object of the present invention is to refine the granularity of a suspected portion estimated for a cause of quality degradation of Web page display time.

Therefore, in order to solve the above problem, the suspected place estimation device is specified in the Euclidean space based on the time required for a plurality of stages in the display process included in the log information generated in the process of displaying the Web page on the terminal. A determination unit that determines which region of the Euclidean space is classified by a statistical hypothesis test among the regions in the Euclidean space that are classified based on the threshold value for each stage, and a determination result by the determination unit And an estimation unit that estimates a suspected location of a factor of quality degradation related to the display from a plurality of communication locations related to the display of the Web page.

  It is possible to refine the granularity of the suspected portion estimated for the cause of quality degradation of the display time of the Web page.

It is a figure which shows the structural example of the Web system in 1st embodiment. It is a figure which shows the hardware structural example of the suspicious part estimation apparatus in 1st embodiment. It is a figure which shows the function structural example of the user terminal and suspected place estimation apparatus in 1st embodiment. It is a flowchart for demonstrating an example of the process sequence which a user terminal performs. It is a figure which shows an example of the process sequence of a display process of a web page. It is a figure which shows an example of the index value contained in a browser log. It is a flowchart for demonstrating an example of the process sequence which a suspected location estimation apparatus performs. It is a figure which shows the structural example of the Web system in 2nd embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram illustrating a configuration example of a Web system according to the first embodiment. In FIG. 1, the user terminal 20 can be connected to the communication carrier network N <b> 2 via the base station 30. Further, the user terminal 20 can communicate with the Web server 40a via the communication carrier network N2, POI (Point Of Interface), the Internet N1, and the like. Furthermore, the user terminal 20 can communicate with the suspected place estimation apparatus 10 via the communication carrier network N2, for example.

  The user terminal 20 is a communication terminal provided with a web browser (hereinafter simply referred to as “browser”) capable of displaying a web page. For example, a mobile phone, a smartphone, a tablet terminal, an in-vehicle device, a PC (Personal Computer), or the like may be used as the user terminal 20. The Web page is data including, for example, HTML (HyperText Markup Language), CSS (Cascading Style Sheets), and scripts.

  The suspicious part estimation device 10 is a computer that estimates the suspicious part that causes the deterioration of the Web page displayed on the user terminal 20 such as a display time (display waiting time). In the first embodiment, the suspected location is divided into any one of the communication locations on the user terminal 20 side, the communication carrier network, and the communication location above the POI. Note that the suspected place estimation device 10 may be installed in a communication carrier, for example.

  The Web server 40a is one or more computers that implement a Web site that stores or generates a Web page.

  FIG. 2 is a diagram illustrating a hardware configuration example of the suspected place estimation device according to the first embodiment. 2 includes a drive device 100, an auxiliary storage device 102, a memory device 103, a CPU 104, an interface device 105, and the like that are connected to each other via a bus B.

  A program that realizes processing in the suspected place estimation apparatus 10 is provided by a recording medium 101 such as a CD-ROM. When the recording medium 101 storing the program is set in the drive device 100, the program is installed from the recording medium 101 to the auxiliary storage device 102 via the drive device 100. However, the program need not be installed from the recording medium 101 and may be downloaded from another computer via a network. The auxiliary storage device 102 stores the installed program and also stores necessary files and data.

  The memory device 103 reads the program from the auxiliary storage device 102 and stores it when there is an instruction to start the program. The CPU 104 executes a function related to the suspected place estimation device 10 according to a program stored in the memory device 103. The interface device 105 is used as an interface for connecting to a network.

  FIG. 3 is a diagram illustrating a functional configuration example of the user terminal and the suspected place estimation device according to the first embodiment. In FIG. 3, the user terminal 20 includes a Web display control unit 21, a log generation unit 22, a log transmission unit 23, and the like. Each of these units is realized by processing that one or more programs installed in the user terminal 20 cause the CPU of the user terminal 20 to execute.

  The Web display control unit 21 downloads a Web page, displays a Web page, and the like in response to an input of a Web page display instruction by the user. The web page display instruction is, for example, input of a URL (Uniform Resource Locator), selection of a link in a web page that has already been displayed, or the like. Note that the Web display control unit 21 may be realized, for example, by a process that a Web browser program causes the CPU of the user terminal 20 to execute.

  The log generation unit 22 measures the time required for a plurality of stages (a plurality of sections) in the process until the Web page is displayed by calling the Navigation Timing API when an instruction to display the Web page is input. Then, a log including the measurement result (hereinafter referred to as “browser log”) is generated.

  In recent years, the Navigation Timing API has been standardized and implemented in major browsers, so it is possible to obtain more detailed logs using standard technology without having to build a mechanism like that described in Non-Patent Document 1. . That is, it is possible to acquire more detailed events related to network communication and terminal processing at the time of Web page display and the occurrence time thereof through the standard Navigation Timing API.

  The log transmission unit 23 transmits the browser log generated by the log generation unit 22 to the suspected place estimation device 10.

  The program that causes the user terminal 20 to function as the log generation unit 22 and the log transmission unit 23 may be implemented as a plug-in for a browser, for example. For example, when the user of the user terminal 20 reports a deterioration in the quality of the Web page display time to the telecommunications carrier, the plug-in is transferred from the telecommunications carrier to the user terminal 20. May be.

  The suspected place estimation apparatus 10 includes a log reception unit 11, a log analysis unit 12, an estimation unit 13, and the like. Each of these units is realized by a process that the CPU 104 causes one or more programs installed in the suspected place estimation apparatus 10 to execute. The suspected place estimation apparatus 10 also uses the log storage unit 14. The log storage unit 14 can be realized by using a storage device that can be connected to the auxiliary storage device 102 or the suspected place estimation device 10 via a network.

  The log receiving unit 11 receives a browser log transmitted from the user terminal 20. The log receiving unit 11 stores the received browser log in the log storage unit 14. Accordingly, the browser log is accumulated in the log storage unit 14.

  The log analysis unit 12 performs statistical analysis on the browser log stored in the log storage unit 14. For example, the log analysis unit 12 classifies the points specified in the Euclidean space based on the time required for each of a plurality of stages in the Web page display process included in the browser log based on the threshold value for each stage. It is determined which one of the regions in the Euclidean space belongs.

  Based on the analysis result (determination result) by the log analysis unit 12, the estimation unit 13 estimates a suspected location that is a cause of quality degradation of Web page display from among a plurality of communication locations related to Web page display. In other words, in the present embodiment, it is possible to identify the suspected portion of quality degradation with higher granularity (or accuracy) based on the output information of Navigation Timing.

In the first embodiment, the following (1) to (3) are assumed.
(1) The browser log is information related to access to the same site (Web server 40a) by a single user terminal 20.
(2) A resolver (DNS (Domain Name System) server) used by the user terminal 20 for name resolution is installed in the communication carrier network N2. For queries for which the resolver does not have a cache, name resolution is requested from the resolver to the authority server on the Internet N1 in accordance with normal DNS operations.
(3) A TCP (Transmission Control Protocol) three-way handshake (3-way handshake) when the user terminal 20 downloads a Web page is executed with the Web server 40a on the Internet N1.

  Hereinafter, processing procedures executed by each of the user terminal 20 and the suspected place estimation device 10 will be described. FIG. 4 is a flowchart for explaining an example of a processing procedure executed by the user terminal.

  The log generation unit 22 waits for an input of a Web page display instruction to the browser (S101). When the log generation unit 22 detects the input of the display instruction (Yes in S101), the log generation unit 22 calls the Navigation Timing API (S102), and generates a browser log including information obtained by the API (S103). Subsequently, the log transmission unit 23 transmits the browser log to the suspected place estimation device 10 (S104).

  In parallel with steps S102 and S103, the Web display control unit 21 executes a Web page display process as shown in FIG.

  FIG. 5 is a diagram illustrating an example of a processing procedure of Web page display processing. In FIG. 5, the network between the user terminal 20 and the DNS server is the telecommunications carrier network N2, and the network between the user terminal 20 and the Web server 40a is the telecommunications carrier network N2 and the Internet N1. is there.

  In step S201, the Web display control unit 21 transmits a DNS query to the DNS server regarding the URL input by the user. In response to the DNS query, the DNS server returns a DNS response including the name resolution result (S202). Subsequently, when the Web display control unit 21 transmits a SYN packet to the Web server 40a (S203), the Web server 40a returns a SYN ACK packet (S204). Subsequently, the Web display control unit 21 transmits an ACK packet to the Web server 40 (S205), and the TCP 3-way handshake is completed.

  Subsequently, when the Web display control unit 21 transmits an HTTP GET message to the Web server 40a (S206), download of content data constituting the Web page is started (S207).

  Regarding the display processing as described above, in step S103 of FIG. 4, a browser log including the index value shown in FIG. 6 is output.

  FIG. 6 is a diagram illustrating an example of index values included in the browser log. As shown in FIG. 6, the browser log includes index values (i) to (v).

  The index value (i) is a required time from the reception of the DNS response to the transmission of the TCP SYN packet. The index value (ii) is a required time from the completion of the TCP 3-way handshake to the transmission of the HTTP GET message. The index value (iii) is a required time from sending a DNS query to receiving a DNS response. The index value (iv) is the time required for the TCP 3-way handshake. The index value (v) is a required time from the transmission of the HTTP GET message to the reception of the first response packet.

  In FIG. 5, identifiers ((i) to (v)) of the index values are attached to the sections corresponding to the required time indicated by the index values. As is clear from FIG. 5, the index values (i) and (ii) are index values related to the performance of the user terminal 20. The index value (iii) is an index value related to the performance of the telecommunications carrier network N2. The index values (iv) and (v) are index values related to the performance of equipment (for example, the Web server 40a) higher than the POI (upper than the carrier network N2).

  Then, the process sequence which the suspected place estimation apparatus 10 performs is demonstrated. FIG. 7 is a flowchart for explaining an example of a processing procedure executed by the suspected place estimation apparatus.

  In step S <b> 301, the log reception unit 11 receives the browser log transmitted from the log transmission unit 23 of the user terminal 20 and stores the browser log in the log storage unit 14. Note that step S301 and step S302 and subsequent steps may be executed asynchronously. For example, after a plurality of (predetermined number) browser logs are accumulated regarding access to the same Web server 40 by the same user terminal 20, step S302 and subsequent steps may be executed.

  In step S <b> 302, the log analysis unit 12 performs statistical analysis on some or all browser logs stored in the log storage unit 14. Subsequently, the estimation unit 13 estimates the suspected place based on the result of statistical analysis (S303).

  Details of steps S302 and S303 will be described. In the first embodiment, the log analysis unit 12 defines a predetermined region (hereinafter referred to as region A) in a five-dimensional Euclidean space (a space defined as a direct product of real numbers), and index values (i) to ( For v), it is determined by statistical hypothesis test whether or not each average value belongs to region A.

  For example, it is assumed that the area A is an area of 500 msec or more with respect to the index values (i) to (v). Among these, a given browser is defined as A1 in which (i) or (ii) is 500 msec or more, A2 in which (iii) is 500 msec or more, and A3 in which (iv) or (v) is 500 msec or more. A test is made as to which region x0 in the five-dimensional Euclidean space, whose elements are average values of the index values (i) to (v) estimated from the log, belong to the complement of region A To do. The test method will be described later.

  As a result of the test, when it is determined that the point x0 belongs to the region A1, the estimation unit 13 estimates that the user terminal 20 is a suspected place. When it is determined that the point x0 belongs to the area A2, the estimation unit 13 estimates that the communication carrier network N2 is a suspected place. When it is determined that the point x0 belongs to the area A3, the estimation unit 13 estimates that the higher side than the POI (upper side than the communication carrier network N2, for example, the Web server 40a) is the suspected place. When it is determined that the region to which the point x0 belongs is a union region of two or more regions, the estimation unit 13 determines that all the locations corresponding to the respective regions related to the union are suspect locations. Presume that there is. Furthermore, when it is determined that the point x0 belongs to the complement of the region A, the estimation unit 13 estimates that there is no abnormality in any part.

  Next, the test method will be described. In the following, the significance level α is assumed. As a value of α, α = 0.01 or α = 0.05 is generally large. In general, assuming that there is a certain random variable having a value in the N-dimensional Euclidean space, when the sample point is given, the maximum likelihood estimate for the parameter of the random variable is expressed in the N-dimensional space. The problem of statistically testing whether a true parameter belongs to the region A when it belongs to the predetermined region A is known as a “region problem”.

  In the first embodiment, since the browser log is regarded as a point in the five-dimensional Euclidean space, the log analysis unit 12 determines the suspected place by reducing to the “region problem” in the case of N = 5 ( presume.

  The log analysis unit 12 applies a bootstrap method to solve the “region problem”. The procedure will be described below. In the following, as a symbol to represent a half space in a five-dimensional space

が用いられる。また，閾値ベクトルを（ｔ_１，ｔ_２，…，ｔ_５）と定め、所与の標本から閾値ベクトルを差し引くことにより、議論を５次元半空間上で展開する。

Is used. Further, the threshold vector is defined as (t ₁ , t ₂ ,..., T ₅ ), and the argument is developed on a five-dimensional half space by subtracting the threshold vector from a given sample.

Now, as a sample of N samples generated from the normal distribution N (μ, γ ₅ ) in the five-dimensional Euclidean space,

が与えられたとする。ここで、μ∈Ｒ^５であり、γ_５は、対角成分σ_１，σ_２，...，σ_５を持ち、対角成分以外が０である行列である。この標本について、

Is given. Here, μ∈R ⁵ and γ ₅ is a matrix having diagonal components σ ₁ , σ ₂ ,..., Σ ₅ , and other than the diagonal components are 0. About this specimen

に対する検定を行う。

Test for.

  First, B replicate samples are obtained by random restoration extraction allowing duplication from the sample.

を作成する。次に、

Create next,

について、その標本平均

Its sample mean

を算出し、

To calculate

の真偽を確認する。以下、同様にして、

Confirm the authenticity of. In the same manner,

の各標本平均

Each sample mean

について、

about,

の真偽を確認する。最後に、

Confirm the authenticity of. Finally,

が真であった回数Ｌ_１について、Ｌ_１／Ｂ＞αであれば、帰無仮説（Ｈ_１）は支持され、それ以外の場合、帰無仮説（Ｈ_１）は棄却される。

If L ₁ / B> α for the number of times L ₁ where is true, then the null hypothesis (H ₁ ) is supported, otherwise the null hypothesis (H ₁ ) is rejected.

  In the former case (when supported),

とし、後者の場合（棄却される場合）、

In the latter case (when rejected),

とする。ここで、Ｇ_１は、点μが属すると考えられる領域を表す。

And Here, G ₁ represents a region considered to which the point μ belongs.

  Similar processing

について実行し、最終的に、

Run about and finally

を、μが属する領域とみなす。

Is regarded as the region to which μ belongs.

  For example, it is assumed that a sample obtained by subtracting the threshold vector (500, 500, 500, 500, 500) from the browser log is obtained. On the other hand, as a result of executing the above processing,

の場合，ＤＮＳ応答に関する指標値（ｉｉｉ）のみが、閾値を超過していることとなる。この場合、推定部１３は、通信事業者網Ｎ２が被疑箇所であると推定する。

In this case, only the index value (iii) related to the DNS response exceeds the threshold value. In this case, the estimation unit 13 estimates that the carrier network N2 is a suspected place.

  As described above, the suspicious location can be estimated by estimating the affiliation region of the parameter of the true distribution and statistically determining the magnitude relation of each component with that of the threshold vector.

  As described above, according to the first embodiment, it is possible to refine the granularity of the suspected place estimated for the cause of the quality degradation of the display time of the Web page. As a result, for example, the communication carrier can monitor the presence or absence of suspicion in the communication carrier network N2.

  Next, a second embodiment will be described. In the second embodiment, differences from the first embodiment will be described. Points that are not particularly mentioned in the second embodiment may be the same as those in the first embodiment.

  FIG. 8 is a diagram illustrating a configuration example of a Web system according to the second embodiment. In FIG. 8, the same parts as those in FIG.

  FIG. 8 shows a base station 30a connected to the communication carrier network N2a and a base station 30b connected to the communication carrier network N2b. A plurality of user terminals 20 exist under each of the base station 30a and the base station 30b. Further, the suspected place estimation device 10 is connected to the communication carrier network N2a and the communication carrier network N2b. The communication carrier network N2a and the communication carrier network N2b are, for example, the communication carrier networks of the same communication carrier. When the communication carrier network N2a and the communication carrier network N2b are not distinguished, they are referred to as a communication carrier network N2. Further, when the base station 30a and the base station 30b are not distinguished, they are referred to as the base station 30.

  In the second embodiment, a case will be described in which a plurality of user terminals 20 under the same base station 30 access different web servers 40 from each other. However, two or more user terminals 20 accessing the same Web server 40 may exist.

  In the second embodiment, the processing contents of steps S302 and S303 in FIG. 7 have a different part from the first embodiment. That is, in the second embodiment, since there are a large number of user terminals 20, index values (iii) to (v) are adopted, and average values of the index values (iii) to (v) are used as the point x1. A point in the three-dimensional Euclidean space is considered. Further, as a region, a union of a region A2 corresponding to the communication carrier network N2 and a region A3 corresponding to POI can be considered. In this case, since the number of Web servers 40 to be accessed is also unspecified, when it is determined that the point x1 belongs to the area A3, the estimation unit 13 estimates that the POI is a suspected place. When it is determined that the point x1 belongs to the area A2, the estimation unit 13 estimates that the communication carrier network N2 is a suspected place.

  In the second embodiment, since the browser log is regarded as a point in the three-dimensional Euclidean space, the suspected part is determined (estimated), resulting in an “area problem” in the case of N = 3. Just do it.

  As described above, according to the second embodiment, based on browser logs when an unspecified number of user terminals 20 access a plurality of Web servers 40, the cause of quality degradation of Web page display time. Can be identified.

  Next, a third embodiment will be described. In the third embodiment, differences from the first or second embodiment will be described. Points that are not particularly mentioned in the third embodiment may be the same as those in the first or second embodiment.

  In the third embodiment, estimation of a suspected place in a situation where the first embodiment and the second embodiment are combined will be described.

  The point x0 is determined to belong to the area A3 from the multiple browser logs when accessing the same Web server 40 by a single user by the method described in the first embodiment, and the second embodiment When it is determined that the point x0 does not belong to either the region A1 or the region A2 by the method described in (1), the POI has no suspicion and the suspicion is higher than the POI. Therefore, in this case, the estimation unit 13 estimates that the Web server 40 is a suspected place.

  Next, a fourth embodiment will be described. In the fourth embodiment, differences from the first, second, or third embodiment will be described. Points not particularly mentioned in the fourth embodiment may be the same as those in the first, second, or third embodiment.

  In the fourth embodiment, a situation is assumed in which each user performs business by connecting to a thin client server using a remote terminal function. In this case, the suspected part estimation device 10 may be the thin client server. Further, in the fourth embodiment, the suspected place estimation device 10 includes a Web display control unit 21, a log generation unit 22, a log storage unit 14, a log analysis unit 12, and an estimation unit 13. On the other hand, the user terminal 20 may not have the Web display control unit 21, the log generation unit 22, and the log transmission unit 23.

  When the user inputs a web page display instruction, the log generation unit 22 automatically executes Navigation Timing in the thin client server, generates a browser log, and stores the browser log in the log storage unit 14. The log analysis unit 12 and the estimation unit 13 execute the processing described in the first to third embodiments with respect to the browser log stored in the log storage unit 14.

  According to the fourth embodiment, it is possible to perform separation including the presence or absence of suspects in the thin client server. For example, a thin client system provider can monitor whether there is a problem with its platform.

  Next, a fifth embodiment will be described. In the fifth embodiment, differences from the first embodiment will be described. Points not particularly mentioned in the fifth embodiment may be the same as those in the first embodiment.

  In the fifth embodiment, an example will be described in which a Web service provider embeds a navigation timing execution code in a Web server 40 provided by the Web service provider and performs performance monitoring and failure detection of the Web server 40.

  The user terminal 20 may not have the log generation unit 22 and the log transmission unit 23. The log generation unit 22 is realized in the Web server 40 by a process that the navigation timing execution code is executed by the Web server 40. The log storage unit 14 is realized using a storage connected to the Web server 40. The log analysis unit 12 and the estimation unit 13 are realized in the suspected place estimation device 10 that shares the storage and is different from the Web server 40.

  When the user terminal 20 accesses the Web server 40, the Navigation Timing execution code is executed with JavaScript (registered trademark), and the browser log is stored in the log storage unit 14. The log analysis unit 12 and the estimation unit 13 execute the processing described in the first embodiment regarding the browser log. As a result, when quality degradation occurs and it is estimated that the Web server 40 is a suspicious location, the alarm is automatically raised so that the status of the Web server 40 is constantly monitored. can do.

  As described above, according to the fifth embodiment, the Web service provider can monitor whether or not the Web server 40 provided by the Web service provider is suspected.

  In each of the above embodiments, the user terminal 20 is an example of a terminal. The browser log is an example of log information. The log analysis unit 12 is an example of a determination unit.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to such specific embodiment, In the range of the summary of this invention described in the claim, various deformation | transformation・ Change is possible.

DESCRIPTION OF SYMBOLS 10 Suspicious part estimation apparatus 11 Log receiving part 12 Log analysis part 13 Estimation part 14 Log storage part 20 User terminal 21 Web display control part 22 Log generation part 23 Log transmission part 30 Base station 40a, 40b, 40c, 40d Web server 100 Drive Device 101 Recording medium 102 Auxiliary storage device 103 Memory device 104 CPU
105 Interface device B Bus N1 Internet N2, N2a, N2b Communication carrier network

Claims (6)

The points specified in the Euclidean space based on the time required for a plurality of stages in the display process included in the log information generated in the process of displaying the web page on the terminal are classified based on the threshold for each stage. A determination unit that determines which region of the Euclidean space belongs to by a statistical hypothesis test ;
Based on the determination result by the determination unit, from a plurality of communication points related to the display of the Web page, an estimation unit that estimates a suspected point of a factor of quality deterioration related to the display;
A suspected place estimation apparatus characterized by comprising: The log information is generated using the Navigation Timing API.
The suspected place estimation apparatus according to claim 1.   The time required for the plurality of stages is the time required from receiving the DNS response to sending the SYN packet, the time required from completing the 3-way handshake to sending the HTTP GET message, and from sending the DNS query to receiving the DNS response. The suspected part estimation apparatus according to claim 1, wherein the time required for the three-way handshake and the time required for sending the HTTP GET message to receiving the first response packet are included. The web page is downloaded to the terminal via a carrier network,
The determination unit determines which region belongs to the point based on the log information generated with respect to the display of the Web page of the same Web server by a single terminal,
The estimation unit is configured to estimate the suspected location from the terminal, the communication carrier network, and a location higher than the communication carrier network based on a determination result by the determination unit.
The suspected place estimation apparatus according to any one of claims 1 to 3. The web page is downloaded to the terminal via a carrier network,
The determination unit determines which region belongs to the point based on the log information generated with respect to display of Web pages of a plurality of Web servers by a plurality of terminals,
The estimation unit is configured to estimate the suspected location based on the determination result by the determination unit, from locations higher than the communication carrier network and the communication carrier network.
The suspected place estimation apparatus according to any one of claims 1 to 3. Computer
The points specified in the Euclidean space based on the time required for a plurality of stages in the display process included in the log information generated in the process of displaying the web page on the terminal are classified based on the threshold for each stage. A determination procedure for determining which of the regions in the Euclidean space belong to by a statistical hypothesis test ;
Based on a determination result in the determination procedure, an estimation procedure for estimating a suspected location of a factor of quality deterioration related to the display from a plurality of communication locations related to the display of the Web page;
The suspicious part estimation method characterized by performing.

Images