WO2008004276A2 - Intrusion prevention system against hacker or computer virus, and program thereof - Google Patents

Intrusion prevention system against hacker or computer virus, and program thereof

Info

Publication number
WO2008004276A2
WO2008004276A2 PCT/JP2006/313282 JP2006313282W WO2008004276A2 WO 2008004276 A2 WO2008004276 A2 WO 2008004276A2 JP 2006313282 W JP2006313282 W JP 2006313282W WO 2008004276 A2 WO2008004276 A2 WO 2008004276A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
virus
computer
intrusion prevention
unauthorized intruder
Prior art date
Application number
PCT/JP2006/313282
Other languages
French (fr)
Japanese (ja)
Inventor
Satoshi Yamada
Takuma Sato
Original Assignee
Realcreate Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realcreate Co., Ltd. filed Critical Realcreate Co., Ltd.
Priority to PCT/JP2006/313282 priority Critical patent/WO2008004276A2/en
Publication of WO2008004276A2 publication Critical patent/WO2008004276A2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Definitions

  • the present invention relates to a virus and an unauthorized intrusion for preventing an intruder such as a virus and a hacker from entering the computer or the communication network in an environment where the computer is connected to the communication network via a relay device.
  • the present invention relates to an intruder prevention device and its program.
  • Patent Document 1 Japanese Patent Laid-Open No. 6-230959
  • the present invention has been made to solve the above-described problems, and can reliably detect a virus, and data including a virus and unauthorized intruders such as hackers can be put into a computer.
  • the object is to provide a virus and unauthorized intruder intrusion prevention device and its program that can completely prevent intrusion or, on the contrary, intrusion into a computer-powered communication network.
  • the virus and unauthorized intruder intrusion prevention device is capable of intruding a virus into the computer or the communication network in an environment where a computer is connected to the communication network.
  • a virus and unauthorized intruder intrusion prevention device for preventing a computer, a dividing means for dividing data transmitted to the computer or the communication network into analog data and digital data, and the divided analog data In the frequency band near the boundary of the digital data, the data force detecting means for detecting electrical distortion and the data portion including the electrical distortion detected by the detecting means are recognized as abnormal data, and the abnormal data is passed. It is characterized in that it is provided with a blocking means for blocking the power.
  • the blocking means may block the passage of the abnormal data in the transmission / reception unit of the computer.
  • dial means may be provided for continuously transmitting numerical data of a predetermined number of digits to the transmission / reception unit of the computer.
  • the present invention provides a virus intrusion prevention program for preventing the entry of a virus into the computer or the communication network in an environment where the computer is connected to the communication network.
  • the method may further comprise the step of continuously transmitting numerical data having a predetermined number of digits to the transmission / reception unit of the computer.
  • a virus can be reliably detected, and data containing a virus can be detected.
  • Unauthorized intruder power such as a power source can be completely prevented from entering the computer or, conversely, the computer power also entering the communication network.
  • FIG. 1 is a schematic diagram showing an overall configuration of a virus intrusion prevention system including a virus and unauthorized intruder intrusion prevention device according to an embodiment of the present invention.
  • FIG. 2 is a functional block diagram showing the configuration of the virus and unauthorized intruder intrusion prevention device according to the embodiment of the present invention.
  • FIG. 3 is a diagram showing analog data including abnormal data.
  • FIG. 4 is a diagram showing digital data including abnormal data.
  • FIG. 5 is a diagram showing the structure of normal data.
  • FIG. 6 is a diagram showing the structure of data including abnormal data.
  • FIG. 7 is a diagram showing a communication record in the virus and unauthorized intruder prevention device according to the embodiment of the present invention.
  • FIG. 1 is a schematic diagram showing the overall configuration of a virus and unauthorized intruder intrusion prevention system equipped with a virus and unauthorized intruder intrusion prevention device according to an embodiment of the present invention
  • FIG. 2 is an embodiment of the present invention
  • FIG. 3 is a functional block diagram showing a configuration of a virus and unauthorized intruder intrusion prevention device according to FIG.
  • a virus and unauthorized intruder prevention system 1 includes a computer 8 having a hard disk drive 2, a CPU 3, a memory 4, a LAN board 5, a mouse 6 and a keyboard 7.
  • the computer 8 is installed on the hard disk drive 2 via a storage medium such as a CD-ROM, and is installed with a virus and unauthorized intruder prevention program power S. As a result, it can function as a virus and unauthorized intruder prevention device.
  • the virus and unauthorized intruder intrusion prevention device 11 includes an OS processing unit 12 for supporting a plurality of operating systems (OS) and a computer 8 or a communication network 9.
  • the data sent to is divided into analog data and digital data
  • a data dividing unit 13 that analyzes data like a LAN analyzer, a frequency band identifying unit 14 that identifies a frequency band of the data when transmitting and receiving data in a transmitting and receiving unit such as the LAN board 5 and the router 10,
  • a data amount calculation unit 15 that calculates the volume of data to be transmitted and received in the transmission / reception unit, and a frequency band calculation unit 16 that calculates an appropriate frequency band according to the environment of the computer 8 such as the data transmission speed and the installation location of the computer 8.
  • a load adjusting unit 17 that adjusts the communication load according to the data volume calculated by the data amount calculating unit 15, and a data guiding unit 18 that guides the data to an appropriate route such as analog or digital, CPU3, memory 4, etc.
  • the numerical data setting unit 20 for setting numerical data of a predetermined number of digits (for example, 6 rows and 4 columns) at random and the numerical data set by the numerical data setting unit 20 are transmitted to the transmission / reception unit.
  • data division unit 13 distortion detection unit 22 for detecting electrical distortion in the frequency band (about 4KHz) near the boundary between analog data and digital data divided, and distortion detection
  • the data portion including the electrical distortion detected by the unit 22 is recognized as abnormal data, and is provided with a data blocking unit 23 that blocks passage of the abnormal data.
  • abnormal data 28 it is recognized as abnormal data 28, and the passage of the abnormal data 28 through the LAN board 5 is blocked by the data blocking unit 23.
  • normal data 24 is divided by each packet 25 as shown in FIG. It is transmitted as digital data, and has a header part 26 and a footer part 27 at the beginning and the end of the data, respectively.
  • the abnormal data 28 including the virus is transmitted by a method of being inserted into the normal data 24 as shown in FIG. 6, and the abnormal data 28 including the virus is always included in the header portion 29 and the footer portion. There are 30.
  • abnormal data 28 including viruses is different from the normal data 24 because the number and order of the header and footer sections are different.
  • the electrical distortion V and V can be confirmed by analyzing interruptions, etc.
  • the abnormal data 28 including the virus is reliably blocked in the transmission / reception unit of the computer 8, and thus enters the inside of the computer 8. There is nothing. Even if the computer 8 is infected by a storage medium such as a CD or floppy disk (registered trademark) contaminated with a virus, the abnormal data 28 including the virus is reliably blocked in the transmission / reception unit. Therefore, it is possible to prevent a computer or the like connected to the communication network 9 from entering the communication network 9 from being infected with a virus.
  • the numerical data with a predetermined number of digits set at random in the numerical data setting unit 20 is always supplied to the dial unit 21 and the LAN board 5, the router 10, etc. Is sent to the transceiver.
  • the numerical data is transmitted, it includes not only digital data but also analog data, so if both numerical data are not analyzed, unauthorized intrusion such as The person is unable to perceive the presence of the computer 8.
  • a spare parameter is added to the parameters built into the router 10 and computer 8, and as shown in the log contents of data No. 5 and No. 8 in Fig. 7.
  • the IP address of the transmission / reception unit is displayed as “00000000”, so that an intruder such as a hacker cannot recognize the IP address. Therefore, an unauthorized intruder cannot enter the inside of the computer 8, and the unauthorized intruder power can be surely protected for the computer 8.
  • the present invention can also be applied to a wireless LAN, thereby reliably preventing eavesdropping, information falsification, leakage, and destruction, which are problems in the wireless LAN, thereby improving security. Can be planned.

Description

ウィルス及び不正侵入者侵入防止装置及びそのプログラム 技術分野  Virus and unauthorized intruder intrusion prevention device and program thereof
[0001] 本発明は、コンピュータが中継機器を介して通信ネットワークに接続された環境下 において、コンピュータ又は通信ネットワークへのウィルス及びハッカー等の不正侵 入者の侵入を防止するためのウィルス及び不正侵入者侵入防止装置及びそのプロ グラムに関する。  [0001] The present invention relates to a virus and an unauthorized intrusion for preventing an intruder such as a virus and a hacker from entering the computer or the communication network in an environment where the computer is connected to the communication network via a relay device. The present invention relates to an intruder prevention device and its program.
背景技術  Background art
[0002] 近年、インターネットに代表される通信ネットワークの発展に伴い、ウィルスによるコ ンピュータの汚染が大きな社会問題となってきている。この種のウィルスは、通信ネッ トワーク或いは CD等の記憶媒体を介してコンピュータ内部に侵入する。そして、コン ピュータがウィルスに感染した場合、システムエラーが頻繁に起こったり、ハードディ スクゃメモリに記憶されているファイルが消去されたり、ハードディスクが破損したりす るといった症状が発生する。  [0002] In recent years, with the development of communication networks represented by the Internet, contamination of computers by viruses has become a major social problem. This type of virus enters a computer via a communication network or a storage medium such as a CD. When a computer is infected with a virus, symptoms such as frequent system errors, erasure of files stored in the hard disk and memory, and damage to the hard disk occur.
[0003] そこで、従来、この種のウィルスによるコンピュータの汚染を防止するため、所謂、ゥ ィルスソフトと呼ばれるソフトウェアが数多く開発されている。そして、これらのソフトゥェ ァは、ウィルスをー且、コンピュータのメモリに格納されている OS (Operating System) 内に取り込んだ後、そのウィルスを削除或いは隔離するといつた方法で処理を行って いる(例えば、特許文献 1参照)。  [0003] Thus, in order to prevent the computer from being contaminated by this type of virus, many so-called software programs have been developed. These software processes the virus when it is deleted or quarantined after it has been taken into the OS (Operating System) stored in the computer's memory. Patent Document 1).
特許文献 1 :特開平 6— 230959号公報 し力しながら、上記した従来のソフトウェア では、次々に発生する新型のウィルスに対応することが難しぐウィルスを完全に根絶 することは事実上不可能であった。  Patent Document 1: Japanese Patent Laid-Open No. 6-230959 However, with the conventional software described above, it is virtually impossible to eradicate viruses that are difficult to cope with new viruses that occur one after another. there were.
[0004] また、従来のソフトウェアは、予め設定された定義に従って、ウィルスと判定されたデ ータを削除或いは隔離しているため、実際にはウィルスでないデータを誤って削除し たり、隔離したりしてしまうことがよくあり、信頼性が低いといった問題があった。  [0004] In addition, since conventional software deletes or isolates data determined to be a virus in accordance with a preset definition, data that is not actually a virus can be deleted or isolated by mistake. There is a problem that the reliability is low.
[0005] 本発明は、上記した課題を解決すべくなされたものであり、ウィルスを確実に検出す ることができ、ウィルスを含むデータやハッカー等の不正侵入者力 コンピュータ内へ 侵入したり、或いは、反対にコンピュータ力 通信ネットワークへ侵入したりすることを 完全に防止することのできるウィルス及び不正侵入者侵入防止装置及びそのプログ ラムを提供することを目的とするものである。 [0005] The present invention has been made to solve the above-described problems, and can reliably detect a virus, and data including a virus and unauthorized intruders such as hackers can be put into a computer. The object is to provide a virus and unauthorized intruder intrusion prevention device and its program that can completely prevent intrusion or, on the contrary, intrusion into a computer-powered communication network.
発明の開示  Disclosure of the invention
[0006] 上記した目的を達成するため、本発明に係るウィルス及び不正侵入者侵入防止装 置は、コンピュータが通信ネットワークに接続された環境下において、前記コンビユー タ又は前記通信ネットワークへのウィルスの侵入を防止するためのウィルス及び不正 侵入者侵入防止装置であって、前記コンピュータ又は前記通信ネットワークに対して 送信されるデータをアナログデータとデジタルデータに分割する分割手段と、前記分 割したアナログデータとデジタルデータの境界付近の周波数帯域において該データ 力 電気的な歪を検出する検出手段と、該検出手段により検出した電気的な歪を含 むデータ部分を異常データとして認識し、該異常データの通過を遮断する遮断手段 とを備免て ヽることを特徴とする。  [0006] In order to achieve the above-described object, the virus and unauthorized intruder intrusion prevention device according to the present invention is capable of intruding a virus into the computer or the communication network in an environment where a computer is connected to the communication network. A virus and unauthorized intruder intrusion prevention device for preventing a computer, a dividing means for dividing data transmitted to the computer or the communication network into analog data and digital data, and the divided analog data In the frequency band near the boundary of the digital data, the data force detecting means for detecting electrical distortion and the data portion including the electrical distortion detected by the detecting means are recognized as abnormal data, and the abnormal data is passed. It is characterized in that it is provided with a blocking means for blocking the power.
[0007] そして、前記遮断手段は、前記コンピュータの送受信部において前記異常データ の通過を遮断してもよい。  [0007] The blocking means may block the passage of the abnormal data in the transmission / reception unit of the computer.
[0008] さらに、前記コンピュータの送受信部にランダムに所定の桁数の数値データを送信 し続けるダイヤル手段を備えて 、てもよ 、。  [0008] Further, dial means may be provided for continuously transmitting numerical data of a predetermined number of digits to the transmission / reception unit of the computer.
[0009] また、本発明は、コンピュータが通信ネットワークに接続された環境下において、前 記コンピュータ又は前記通信ネットワークへのウィルスの侵入を防止するためのウィル ス侵入防止プログラムであって、前記コンピュータ又は前記通信ネットワークに対して 送信されるデータをアナログデータとデジタルデータに分割するステップと、前記分 割したアナログデータとデジタルデータの境界付近の周波数帯域において該データ から電気的な歪を検出するステップと、該検出した電気的な歪を含むデータ部分を 異常データとして認識し、該異常データの通過を遮断するステップとを備えて 、ること を特徴とする。  [0009] Further, the present invention provides a virus intrusion prevention program for preventing the entry of a virus into the computer or the communication network in an environment where the computer is connected to the communication network. Dividing data transmitted to the communication network into analog data and digital data; detecting electrical distortion from the data in a frequency band near a boundary between the divided analog data and digital data; And a step of recognizing the data portion including the detected electrical distortion as abnormal data and blocking the passage of the abnormal data.
[0010] そして、前記コンピュータの送受信部にランダムに所定の桁数の数値データを送信 し続けるステップを備えて 、てもよ 、。  [0010] The method may further comprise the step of continuously transmitting numerical data having a predetermined number of digits to the transmission / reception unit of the computer.
[0011] 本発明によれば、ウィルスを確実に検出することができ、ウィルスを含むデータゃノヽ ッカ一等の不正侵入者力 コンピュータ内へ侵入したり、或いは、反対にコンピュータ 力も通信ネットワークへ侵入したりすることを完全に防止することができる。 [0011] According to the present invention, a virus can be reliably detected, and data containing a virus can be detected. Unauthorized intruder power such as a power source can be completely prevented from entering the computer or, conversely, the computer power also entering the communication network.
図面の簡単な説明  Brief Description of Drawings
[0012] [図 1]本発明の実施の形態に係るウィルス及び不正侵入者侵入防止装置を備えたゥ ィルス侵入防止システムの全体構成を示す概略図である。  FIG. 1 is a schematic diagram showing an overall configuration of a virus intrusion prevention system including a virus and unauthorized intruder intrusion prevention device according to an embodiment of the present invention.
[図 2]本発明の実施の形態に係るウィルス及び不正侵入者侵入防止装置の構成を示 す機能ブロック図である。  FIG. 2 is a functional block diagram showing the configuration of the virus and unauthorized intruder intrusion prevention device according to the embodiment of the present invention.
[図 3]異常データを含むアナログデータを示す図である。  FIG. 3 is a diagram showing analog data including abnormal data.
[図 4]異常データを含むデジタルデータを示す図である。  FIG. 4 is a diagram showing digital data including abnormal data.
[図 5]正常データの構成を示す図である。  FIG. 5 is a diagram showing the structure of normal data.
[図 6]異常データを含むデータの構成を示す図である。  FIG. 6 is a diagram showing the structure of data including abnormal data.
[図 7]本発明の実施の形態に係るウィルス及び不正侵入者侵入防止装置における通 信記録を示す図である。  FIG. 7 is a diagram showing a communication record in the virus and unauthorized intruder prevention device according to the embodiment of the present invention.
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0013] 以下、図面を参照しつつ、本発明の実施の形態について説明する。ここで、図 1は 本発明の実施の形態に係るウィルス及び不正侵入者侵入防止装置を備えたウィルス 及び不正侵入者侵入防止システムの全体構成を示す概略図、図 2は本発明の実施 の形態に係るウィルス及び不正侵入者侵入防止装置の構成を示す機能ブロック図で ある。 Hereinafter, embodiments of the present invention will be described with reference to the drawings. Here, FIG. 1 is a schematic diagram showing the overall configuration of a virus and unauthorized intruder intrusion prevention system equipped with a virus and unauthorized intruder intrusion prevention device according to an embodiment of the present invention, and FIG. 2 is an embodiment of the present invention. FIG. 3 is a functional block diagram showing a configuration of a virus and unauthorized intruder intrusion prevention device according to FIG.
[0014] 図 1に示されているように、ウィルス及び不正侵入者侵入防止システム 1は、ハード ディスクドライブ 2、 CPU3、メモリ 4、 LANボード 5、マウス 6及びキーボード 7を備え たコンピュータ 8がインターネット等の通信ネットワーク 9にルータ 10を介して接続され て構成されており、コンピュータ 8は、ハードディスクドライブ 2に CD— ROM等の記憶 媒体を介してウィルス及び不正侵入者侵入防止プログラム力 Sインストールされることに よりウィルス及び不正侵入者侵入防止装置として機能するようになって ヽる。  As shown in FIG. 1, a virus and unauthorized intruder prevention system 1 includes a computer 8 having a hard disk drive 2, a CPU 3, a memory 4, a LAN board 5, a mouse 6 and a keyboard 7. The computer 8 is installed on the hard disk drive 2 via a storage medium such as a CD-ROM, and is installed with a virus and unauthorized intruder prevention program power S. As a result, it can function as a virus and unauthorized intruder prevention device.
[0015] 図 2に示されているように、このウィルス及び不正侵入者侵入防止装置 11は、複数 の OS (Operating System)に対応するための OS処理部 12と、コンピュータ 8又は通 信ネットワーク 9に対して送信されるデータをアナログデータとデジタルデータに分割 すると共に LANアナライザーのようにデータの解析を行うデータ分割部 13と、 LAN ボード 5やルータ 10等の送受信部においてデータを送受信する時に該データの周 波数帯を識別する周波数帯識別部 14と、前記送受信部において送受信するデータ の容量を算出するデータ量算出部 15と、データの伝送速度やコンピュータ 8の設置 場所等のコンピュータ 8の環境に応じて適切な周波数帯を算出する周波数帯算出部 16と、データ量算出部 15により算出したデータの容量に応じて通信負荷を調整する 負荷調整部 17と、データをアナログ又はデジタル或いは CPU3やメモリ 4等の適切な 経路に誘導するデータ誘導部 18と、伝送速度を高めるためにデータの通信速度を 調整する通信速度調整部 19と、コンピュータ 8の LANボード 5やルータ 10等の送受 信部に送信する所定の桁数 (例えば、 6行 4列)の数値データをランダムに設定する 数値データ設定部 20と、数値データ設定部 20にお ヽて設定された数値データを前 記送受信部に送信し続けるダイヤル部 21と、データ分割部 13にお 、て分割したァ ナログデータとデジタルデータの境界付近の周波数帯域 (約 4KHz)にお 、て電気 的な歪を検出する歪検出部 22と、歪検出部 22により検出した電気的な歪を含むデ ータ部分を異常データとして認識し、該異常データの通過を遮断するデータ遮断部 23とを備えて構成されて ヽる。 As shown in FIG. 2, the virus and unauthorized intruder intrusion prevention device 11 includes an OS processing unit 12 for supporting a plurality of operating systems (OS) and a computer 8 or a communication network 9. The data sent to is divided into analog data and digital data In addition, a data dividing unit 13 that analyzes data like a LAN analyzer, a frequency band identifying unit 14 that identifies a frequency band of the data when transmitting and receiving data in a transmitting and receiving unit such as the LAN board 5 and the router 10, A data amount calculation unit 15 that calculates the volume of data to be transmitted and received in the transmission / reception unit, and a frequency band calculation unit 16 that calculates an appropriate frequency band according to the environment of the computer 8 such as the data transmission speed and the installation location of the computer 8. And a load adjusting unit 17 that adjusts the communication load according to the data volume calculated by the data amount calculating unit 15, and a data guiding unit 18 that guides the data to an appropriate route such as analog or digital, CPU3, memory 4, etc. , Sent to the transmission speed adjustment section 19 that adjusts the data transmission speed to increase the transmission speed, and the transmission / reception section of the LAN board 5 and router 10 of the computer The numerical data setting unit 20 for setting numerical data of a predetermined number of digits (for example, 6 rows and 4 columns) at random and the numerical data set by the numerical data setting unit 20 are transmitted to the transmission / reception unit. Continued dial unit 21, data division unit 13, distortion detection unit 22 for detecting electrical distortion in the frequency band (about 4KHz) near the boundary between analog data and digital data divided, and distortion detection The data portion including the electrical distortion detected by the unit 22 is recognized as abnormal data, and is provided with a data blocking unit 23 that blocks passage of the abnormal data.
[0016] このような構成を備えたウィルス及び不正侵入者侵入防止装置 11にお ヽて、通信 ネットワーク 9からルータ 10を通ってコンピュータ 8にウィルスを含むデータが送信さ れてきた場合、先ず、該データは、データ分割部 13によって、強制的にアナログデ ータとデジタルデータに分割されると共に該各データに対して R値、雑音、エコー、途 切れ等の解析が行われる。その結果、図 3や図 4に示されているように、アナログデー タとデジタルデータの境界付近の周波数帯域 (4KHz)にお 、て大きな電気的信号 の乱れ V , V (以下、「電気的な歪」と呼ぶ。)の発生が、歪検出部 22によって検出 [0016] In the virus and unauthorized intruder prevention device 11 having such a configuration, when data including a virus is transmitted from the communication network 9 through the router 10 to the computer 8, first, The data is forcibly divided into analog data and digital data by the data dividing unit 13 and analysis of R value, noise, echo, interruption, etc. is performed on each data. As a result, as shown in Fig. 3 and Fig. 4, large electrical signal disturbances V, V (hereinafter referred to as `` Electricity '') in the frequency band (4KHz) near the boundary between analog data and digital data. Is detected by the distortion detector 22.
A D  A D
されると共に異常データ 28として認識され、該異常データ 28の LANボード 5の通過 がデータ遮断部 23によって遮断される。  At the same time, it is recognized as abnormal data 28, and the passage of the abnormal data 28 through the LAN board 5 is blocked by the data blocking unit 23.
[0017] この時、アナログデータとデジタルデータの境界付近の周波数帯域 (4KHz)にお いて電気的な歪 V , Vが生じるのは、以下の理由によるものと考えられる。 [0017] At this time, the electrical distortions V and V occur in the frequency band (4 KHz) near the boundary between the analog data and the digital data for the following reason.
A D  A D
[0018] 一般に、正常なデータ 24は、図 4に示すように、各パケット 25によって分割された デジタルデータにより送信され、データの先頭部と最後尾にそれぞれヘッダー部 26 とフッター部 27を備えている。これに対して、ウィルスを含む異常データ 28は、図 6に 示すように、正常データ 24に紛れ込ませるなどの方法によって送信され、そのウィル スを含む異常データ 28にも必ずヘッダー部 29及びフッター部 30が存在する。すな わち、ウィルスを含む異常データ 28は、ヘッダー部やフッター部の構成数や順位が 異なり、正常なデータ 24と明らかに異なっているため、ウィルスを含む異常データ 28 力もは、雑音、エコー、途切れ等を解析することにより、電気的な歪 V , Vが確認さ [0018] In general, normal data 24 is divided by each packet 25 as shown in FIG. It is transmitted as digital data, and has a header part 26 and a footer part 27 at the beginning and the end of the data, respectively. On the other hand, the abnormal data 28 including the virus is transmitted by a method of being inserted into the normal data 24 as shown in FIG. 6, and the abnormal data 28 including the virus is always included in the header portion 29 and the footer portion. There are 30. In other words, abnormal data 28 including viruses is different from the normal data 24 because the number and order of the header and footer sections are different. The electrical distortion V and V can be confirmed by analyzing interruptions, etc.
A D  A D
れると考えられる。  It is thought that.
[0019] このように、上記したウィルス及び不正侵入者侵入防止装置 11によれば、ウィルス を含む異常データ 28は、コンピュータ 8の送受信部において確実にブロックされるた め、コンピュータ 8内部に侵入することはない。また、例え、ウィルスに汚染された CD やフロッピーディスク (登録商標)などの記憶媒体によりコンピュータ 8が感染されたと しても、ウィルスを含む異常データ 28は、前記送受信部において確実にブロックされ るため、通信ネットワーク 9に侵入することがなぐ通信ネットワーク 9に接続されたコン ピュータ等がウィルスに感染することを防止することができる。  As described above, according to the virus and unauthorized intruder intrusion prevention device 11 described above, the abnormal data 28 including the virus is reliably blocked in the transmission / reception unit of the computer 8, and thus enters the inside of the computer 8. There is nothing. Even if the computer 8 is infected by a storage medium such as a CD or floppy disk (registered trademark) contaminated with a virus, the abnormal data 28 including the virus is reliably blocked in the transmission / reception unit. Therefore, it is possible to prevent a computer or the like connected to the communication network 9 from entering the communication network 9 from being infected with a virus.
[0020] また、上記したウィルス及び不正侵入者侵入防止装置 11では、常時、数値データ 設定部 20においてランダムに設定された所定の桁数の数値データがダイヤル部 21 力も LANボード 5やルータ 10等の送受信部に送信されている。し力も、その発信さ れて 、る数値データには、デジタルデータだけでなくアナログデータも含まれて 、る ため、その両方の数値データを解析しなければ、ノ、ッカ一等の不正侵入者はコンビ ユータ 8の存在を感知できないようになっている。さらに、ルータ 10やコンピュータ 8に 組み込まれているパラメータに予備のパラメータが追加されるようにもなつており、こ れにより、図 7のデータ No. 5や No. 8のログ内容に示すように、前記送受信部の IP アドレスが「00000000」で表示され、ハッカー等の不正侵入者が IPアドレスを認識 できないようになつている。したがって、不正侵入者は、コンピュータ 8内部に侵入す ることができず、コンピュータ 8を不正侵入者力も確実に保護することができる。  [0020] In addition, in the virus and unauthorized intruder intrusion prevention device 11 described above, the numerical data with a predetermined number of digits set at random in the numerical data setting unit 20 is always supplied to the dial unit 21 and the LAN board 5, the router 10, etc. Is sent to the transceiver. However, if the numerical data is transmitted, it includes not only digital data but also analog data, so if both numerical data are not analyzed, unauthorized intrusion such as The person is unable to perceive the presence of the computer 8. In addition, a spare parameter is added to the parameters built into the router 10 and computer 8, and as shown in the log contents of data No. 5 and No. 8 in Fig. 7. The IP address of the transmission / reception unit is displayed as “00000000”, so that an intruder such as a hacker cannot recognize the IP address. Therefore, an unauthorized intruder cannot enter the inside of the computer 8, and the unauthorized intruder power can be surely protected for the computer 8.
[0021] 上記したように本発明の実施の形態によれば、ウィルスを含む異常データやハツ力 一等の不正侵入者の侵入を前記送受信部において確実にブロックすることができる ため、次々に発生する新型のウィルスや不正侵入者にも容易に対応することができ、 コンピュータや通信ネットワークをウィルスや不正侵入者力 確実に保護することがで きる。また、実際にはウィルスでないデータを誤って削除したり、隔離したりしてしまう こともなく、信頼'性の向上を図ることができる。 [0021] As described above, according to the embodiment of the present invention, it is possible to reliably block the intrusion of an unauthorized intruder such as abnormal data including a virus or the power of a hat. Therefore, it is possible to easily cope with new viruses and unauthorized intruders that occur one after another, and to reliably protect computers and communication networks against viruses and unauthorized intruders. In addition, it is possible to improve reliability without actually deleting or isolating non-virus data.
なお、本発明は、無線 LANにも適用することができ、これにより、無線 LANにおい て問題となる、盗聴、情報の改ざん、漏洩及び破壊などを確実に防止することができ 、セキュリティの向上を図ることができる。  Note that the present invention can also be applied to a wireless LAN, thereby reliably preventing eavesdropping, information falsification, leakage, and destruction, which are problems in the wireless LAN, thereby improving security. Can be planned.

Claims

請求の範囲 The scope of the claims
[1] コンピュータが通信ネットワークに接続された環境下において、前記コンピュータ又は 前記通信ネットワークへのウィルス及び不正侵入者の侵入を防止するためのウィルス 及び不正侵入者侵入防止装置であって、  [1] A virus and unauthorized intruder intrusion prevention device for preventing a virus and unauthorized intruder from entering the computer or the communication network in an environment where the computer is connected to a communication network,
前記コンピュータ又は前記通信ネットワークに対して送信されるデータをアナログデ ータとデジタルデータに分割する分割手段と、  Dividing means for dividing data transmitted to the computer or the communication network into analog data and digital data;
前記分割したアナログデータとデジタルデータの境界付近の周波数帯域において 該データ力 電気的な歪を検出する検出手段と、  A detecting means for detecting the data force electrical distortion in a frequency band near a boundary between the divided analog data and the digital data;
該検出手段により検出した電気的な歪を含むデータ部分を異常データとして認識 し、該異常データの通過を遮断する遮断手段と、  A blocking means for recognizing the data portion including the electrical distortion detected by the detecting means as abnormal data and blocking the passage of the abnormal data;
を備えていることを特徴とするウィルス及び不正侵入者侵入防止装置。  A virus and unauthorized intruder intrusion prevention device characterized by comprising:
[2] 前記遮断手段は、前記コンピュータの送受信部において前記異常データの通過を 遮断する請求の範囲第 1項に記載のウィルス及び不正侵入者侵入防止装置。  2. The virus and unauthorized intruder intrusion prevention device according to claim 1, wherein the blocking means blocks the passage of the abnormal data in a transmission / reception unit of the computer.
[3] 前記コンピュータの送受信部にランダムに所定の桁数の数値データを送信し続け るダイヤル手段を備えている請求の範囲第 1項又は第 2項に記載のウィルス及び不 正侵入者侵入防止装置。 [3] The virus and unauthorized intruder intrusion prevention device according to claim 1 or 2, further comprising dial means for continuously transmitting numerical data having a predetermined number of digits to the transmission / reception unit of the computer. apparatus.
[4] コンピュータが通信ネットワークに接続された環境下において、前記コンピュータ又は 前記通信ネットワークへのウィルス及び不正侵入者の侵入を防止するためのウィルス 及び不正侵入者侵入防止プログラムであって、 [4] A virus and unauthorized intruder intrusion prevention program for preventing entry of a virus and unauthorized intruder into the computer or the communication network in an environment where the computer is connected to a communication network,
前記コンピュータ又は前記通信ネットワークに対して送信されるデータをアナログデ ータとデジタルデータに分割するステップと、  Dividing data transmitted to the computer or the communication network into analog data and digital data;
前記分割したアナログデータとデジタルデータの境界付近の周波数帯域において 該データから電気的な歪を検出するステップと、  Detecting electrical distortion from the data in a frequency band near a boundary between the divided analog data and digital data;
該検出した電気的な歪を含むデータ部分を異常データとして認識し、該異常デー タの通過を遮断するステップと、  Recognizing the data portion including the detected electrical distortion as abnormal data and blocking the passage of the abnormal data;
を備えていることを特徴とするウィルス及び不正侵入者侵入防止プログラム。  A virus and unauthorized intruder intrusion prevention program characterized by comprising:
[5] 前記コンピュータの送受信部にランダムに所定の桁数の数値データを送信し続け るステップを備えている請求の範囲第 4項に記載のウィルス及び不正侵入者侵入防 止プログラム, [5] The virus and unauthorized intruder intrusion prevention method according to claim 4, further comprising a step of continuously transmitting numerical data of a predetermined number of digits to the transmission / reception unit of the computer at random. Stop program,
PCT/JP2006/313282 2006-07-04 2006-07-04 Intrusion prevention system against hacker or computer virus, and program thereof WO2008004276A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/313282 WO2008004276A2 (en) 2006-07-04 2006-07-04 Intrusion prevention system against hacker or computer virus, and program thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/313282 WO2008004276A2 (en) 2006-07-04 2006-07-04 Intrusion prevention system against hacker or computer virus, and program thereof

Publications (1)

Publication Number Publication Date
WO2008004276A2 true WO2008004276A2 (en) 2008-01-10

Family

ID=38895008

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/313282 WO2008004276A2 (en) 2006-07-04 2006-07-04 Intrusion prevention system against hacker or computer virus, and program thereof

Country Status (1)

Country Link
WO (1) WO2008004276A2 (en)

Similar Documents

Publication Publication Date Title
JP4088082B2 (en) Apparatus and program for preventing infection by unknown computer virus
US8042180B2 (en) Intrusion detection based on amount of network traffic
KR101737726B1 (en) Rootkit detection by using hardware resources to detect inconsistencies in network traffic
US20240073233A1 (en) System and method for providing security to in-vehicle network
JP4327698B2 (en) Network type virus activity detection program, processing method and system
US20120005743A1 (en) Internal network management system, internal network management method, and program
US20080046563A1 (en) Network Intrusion Prevention by Disabling a Network Interface
US20060294588A1 (en) System, method and program for identifying and preventing malicious intrusions
US20030196123A1 (en) Method and system for analyzing and addressing alarms from network intrusion detection systems
WO2011027496A1 (en) Unauthorized process detection method and unauthorized process detection system
GB2382260A (en) Network intrusion detection system and method
KR101768079B1 (en) System and method for improvement invasion detection
JP2008083751A (en) Network system coping with unauthorized access
US8763121B2 (en) Mitigating multiple advanced evasion technique attacks
US20060015939A1 (en) Method and system to protect a file system from viral infections
KR101767591B1 (en) System and method for improvement invasion detection
KR101047382B1 (en) Method and system for preventing file takeover using malicious code and recording medium
WO2008004276A2 (en) Intrusion prevention system against hacker or computer virus, and program thereof
JP2006330926A (en) Virus infection detection device
EP1504323B1 (en) Method and system for analyzing and addressing alarms from network intrustion detection systems
EP1751651B1 (en) Method and systems for computer security
KR20030087583A (en) A system for detecting hacker invasion of personal computer
Ahmad et al. Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation.
Manjunath et al. RF Hacking Detection using Spectrum Scanning
Lewandowska Intrusion Detection Systems: Categories, attack detection and response.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06767813

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

122 Ep: pct app. not ent. europ. phase

Ref document number: 06767813

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: JP