WO2014208427A1 - Security information management system and security information management method - Google Patents
- Publication number
- WO2014208427A1 (PCT/JP2014/066193)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security information
- security
- keyword
- calculation unit
- type
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Definitions
- the present invention relates to a security information management system and a security information management method.
- system managers information system asset managers
- Such security information is being released one after another by security research institutes and security vendors through information providing servers on the Internet.
- As security information published on the Internet, for example, information on security defects of the software and hardware constituting an information system, and on countermeasures for them, is known.
- As a technique for collecting and providing security information, for example, a technique for collecting vulnerability information, among the security information published on information providing servers on the Internet, is known (Patent Document 1).
- In this technique, multiple pieces of collected vulnerability information are aggregated based on relationships such as their reference relationships, the relevance between the aggregated vulnerability information and the information system assets managed by the system administrator is determined, and the vulnerability information that the system administrator should view is aggregated and provided.
- an object of the present invention is to easily collect security information highly relevant to the reference source security information.
- The security information management system includes: a collection unit that collects security information, which is information related to security; a calculation unit that refers to a security dictionary storing security-related keywords for each attribute, extracts keywords from reference source security information that is the source against which relevance with the security information is compared, compares the extracted keywords with the keywords included in the security information collected by the collection unit, and calculates a degree of association between the reference source security information and the security information; and an output unit that preferentially outputs security information having a higher degree of association calculated by the calculation unit.
- The security information management method is executed by a security information management device and is characterized by including: a collection step of collecting security information, which is information related to security; a calculation step of referring to a security dictionary that stores security-related keywords for each attribute, extracting keywords from reference source security information that is the source against which relevance with the security information is compared, comparing the extracted keywords with the keywords included in the security information collected by the collection step, and calculating the degree of association between the reference source security information and the security information; and an output step of preferentially outputting security information having a higher degree of association calculated by the calculation step.
- the security information management system and the security information management method disclosed in the present application can easily collect security information highly relevant to the reference source security information.
- FIG. 1 is a diagram illustrating an example of a configuration of a security information management system according to the first embodiment.
- FIG. 2 is a diagram illustrating an example of information extracted by the security dictionary of the security dictionary storage unit according to the first embodiment.
- FIG. 3 is a diagram illustrating an example of information stored by the security information storage unit according to the first embodiment.
- FIG. 4 is a diagram illustrating an example of vulnerability score calculation processing by the security information relevance calculation unit.
- FIG. 5 is a flowchart for explaining the flow of security information provision processing in the security information management device according to the first embodiment.
- FIG. 6 is a diagram illustrating a computer that executes a security information management program.
- FIG. 1 is a diagram illustrating an example of a configuration of a security information management system according to the first embodiment.
- a security information management system 100 to which a security information management apparatus 10 according to the first embodiment is applied includes a security information management apparatus 10, a security information providing server 20, and a client terminal 30.
- the security information management apparatus 10 and the security information providing server 20 are connected via the Internet 40.
- the security information management device 10 is connected to the client terminal 30 via the input / output interface unit 15.
- the security information providing server 20 is a server that publishes security information.
- The security information providing server 20 publishes, as security information, text information on security defects (expressed, for example, as “vulnerability” or “security hole”) of the software or hardware constituting an information system, and on countermeasures for them (hereinafter referred to as vulnerability information).
- The security information providing server 20 also publishes, as security information, text information about techniques for exploiting the above-described security flaws (sometimes expressed as “PoC (Proof of Concept)”, “exploit”, etc.) and countermeasures for them.
- The security information providing server 20 also publishes, as security information, text information on malicious programs created using the above-described exploitation techniques for the purpose of causing damage to a third party's information system (sometimes expressed as “(computer) virus”, “malware”, etc.) and on countermeasures for them.
- The security information providing server 20 also publishes, as security information, information on attacks against the information systems of other organizations that use the above-mentioned malicious programs (sometimes expressed as “targeted attack”, “APT (Advanced Persistent Threat) attack”, “cyber attack”, etc.).
- the client terminal 30 is an information processing apparatus such as a PC equipped with a standard Web browser that is used by the system administrator to use the security information management system 100. Further, the client terminal 30 receives security information highly relevant to the security information of the reference source from the security information management apparatus 10, and displays the security information.
- The security information management apparatus 10 includes a security information collection unit 11, a security information storage unit 12, a security dictionary storage unit 13, a security dictionary management unit 14, an input / output interface unit 15, and a security information relevance calculation unit 16.
- the security information collection unit 11 collects security information that is information related to security. Specifically, the security information collection unit 11 periodically accesses the security information providing server 20 at predetermined time intervals to acquire security information. These are acquired as general document files such as HTML and PDF. Then, the security information collection unit 11 processes the acquired file into a predetermined format, adds additional information, and stores it in the security information storage unit 12. The security information collection unit 11 refers to the security dictionary storage unit 13 when processing the acquired file into a predetermined format.
- the security information collection unit 11 extracts the title and body of the document file, refers to the security dictionary stored in the security dictionary storage unit 13, and extracts keywords included in the title and body.
- In the security information collection unit 11, the system administrator sets, as setting information, the “URL list” of the security information providing servers 20 to collect from, the “cutout position information” for extracting the “title” and “text” from security information that is provided in a different format by each security information providing server 20, and the “information indicating time and interval” that gives the timing of collection from the security information providing server 20.
- the security information collection unit 11 operates based on these setting information.
- “Cutout position information” is information defined for each URL list.
- the security information collection unit 11 acquires a document file such as an HTML file or a PDF in which security information is described from the security information providing server 20 specified by the URL list at the time specified by the setting information. Then, the security information collection unit 11 extracts the “title” and “text” of the security information from the acquired file based on “cutout position information”.
- The security information collection unit 11 extracts the keywords included in the extracted “title” and “text” by comparison with the security dictionary, and stores the URL of the information providing server, the time when the file was collected, the extracted “title” and “text”, and all extracted keywords in the security information storage unit 12 (described in detail later with reference to FIG. 2). Thereafter, the security information collection unit 11 repeats the above processing until the processing is completed for all URL lists.
- The security information storage unit 12 stores the security information and additional information received from the security information collection unit 11. Further, the security information storage unit 12 transmits the security information requested by the security information relevance calculation unit 16 to the security information relevance calculation unit 16. Further, in the security information storage unit 12, keywords related to security are registered for each security information attribute: the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack.
- FIG. 3 is a diagram illustrating an example of information stored by the security information storage unit according to the first embodiment.
- The security information storage unit 12 stores, for each piece of security information, the keywords extracted by the security information collection unit 11, classified into the categories “vulnerability”, “product / service”, “product / service provider”, “country / organization name”, and “cyber attack”.
- the security dictionary storage unit 13 stores a set of keywords related to the security field that are referred to when determining the relevance of security information.
- The security dictionary storage unit 13 stores a security dictionary that stores security-related keywords for each attribute. For example, as sets of keywords representing the characteristics of security information, it stores a vulnerability dictionary, a product / service dictionary, a product / service provider dictionary, a country / organization name dictionary, and a cyber attack dictionary.
- The security dictionary storage unit 13 stores, for example, buffer overflow, cross-site scripting, etc. in the vulnerability dictionary (including synonyms); Windows (registered trademark) 7, Windows Server 2012, Twitter (registered trademark), etc. in the product / service dictionary (including synonyms); Microsoft (registered trademark), Google (registered trademark), etc. in the product / service provider dictionary (including synonyms); China, Korea, House of Representatives, company names, etc. in the country / organization name dictionary (including synonyms); and cyber attack, targeted attack, targeted email, information leak, alteration, etc. in the cyber attack dictionary (including synonyms).
- Each dictionary is set as follows: keywords posted on domestic and foreign sites that explain vulnerabilities are collected and registered by a dedicated crawler.
- the product / service provider dictionary is collected and registered by a dedicated crawler or the like using the names of the products / service providers registered in domestic and foreign sites that provide vulnerability information as keywords.
- the product / service dictionary is collected and registered by a dedicated crawler or the like using the name or version of the product / service registered as a keyword in the product introduction site operated by the product / service provider.
- the country / organization name dictionary collects and registers a list of domestic and foreign government offices and listed companies by a dedicated crawler.
- keywords posted on domestic and foreign sites that explain various techniques and methods of cyber attacks are collected and registered by dedicated crawlers.
- The system administrator may also register keywords manually from the security dictionary management unit 14.
- FIG. 2 is a diagram illustrating an example of information extracted by the security dictionary of the security dictionary storage unit according to the first embodiment.
- The security information storage unit 12 stores, as security information, the “URL of the security information file acquired from the information providing server (security information providing server 20)”, the “time when the security information file was collected from the information providing server”, the “title”, the “body” and the “keywords”. The “title”, “body”, and “keywords” are information extracted from a security information file by referring to the security dictionary stored in the security dictionary storage unit 13. Further, all extracted keywords are stored based on the classification of each security dictionary. If no keyword is extracted, the “content” corresponding to the keyword is stored empty.
- the security dictionary management unit 14 adds and deletes keywords related to the security field included in the dictionary. For example, the security dictionary management unit 14 receives an operation instruction from the system administrator, and adds or deletes keywords related to the security field.
- The input / output interface unit 15 receives a request from the client terminal 30 and transmits a relevance determination result to the client terminal 30 as a response to the request. Specifically, the input / output interface unit 15 receives the reference source security information, the vulnerability score threshold, the product / service score threshold, the product / service provider score threshold, the country / organization name score threshold, and the cyber attack score threshold, and transmits them to the security information relevance calculation unit 16.
- the vulnerability score is a numerical value representing the relevance when the reference source security information and each security information stored in the security information storage unit 12 are compared using a “vulnerability dictionary”.
- the product / service score is a numerical value representing the relevance when the reference source security information and each security information stored in the security information storage unit 12 are compared using a “product / service dictionary”.
- the product / service provider score is a numerical value representing the relevance when the reference source security information and the security information stored in the security information storage unit 12 are compared using the “product / service provider dictionary”.
- the country / organization name score is a numerical value representing the relevance when the reference source security information and the security information stored in the security information storage unit 12 are compared using the “country / organization name dictionary”.
- the cyber attack score is a numerical value representing the relevance when the reference source security information and each security information stored in the security information storage unit 12 are compared using a “cyber attack dictionary”.
- The vulnerability score threshold, the product / service score threshold, the product / service provider score threshold, the country / organization name score threshold, and the cyber attack score threshold are index values for determining, based on the above five types of scores, the relevance between the reference source security information and each piece of security information stored in the security information storage unit 12.
- security information having a score exceeding the threshold is determined to be “relevant to the reference source security information”.
- Each threshold is individually set by the system administrator for each of the five types of scores. For example, the system administrator transmits each threshold value from the client terminal 30 to the security information relevance calculation unit 16 through the input / output interface 15.
- a text box in which arbitrary text can be input may be displayed, and a function for allowing the system administrator to input may be installed.
- a button for performing an operation of transmitting the displayed security information to the security information relevance calculation unit 16 with one click may be displayed on the browser screen of the client terminal 30.
- Each threshold value may be input with a function that allows the system administrator to select a value that can be taken by the score calculation formula as an option.
- a standard value is set in advance, and when there is no threshold value input from the system administrator, the standard value is used.
- a function for reducing the burden of an operation of inputting a threshold value may be installed.
- The input / output interface unit 15 receives, from the security information relevance calculation unit 16, the total score values of the security information that exceeds the transmitted thresholds for all of the five types of scores representing the relevance with the reference source security information.
- A function may be installed that further narrows down the security information to be displayed with a filter using keywords included in the “URL of the security information file acquired from the information providing server”, the “time when the security information file was collected from the information providing server”, the “title” and the “body” of the security information.
- a function of exporting the displayed result to the outside in the form of a document file such as a text file or PDF after displaying the security information highly relevant to the reference source security information may be installed.
- the security information relevance calculation unit 16 refers to the security dictionary storage unit 13 that stores security-related keywords for each attribute, extracts the keywords from the reference source security information from which the relevance with the security information is compared, The extracted keyword and the keyword included in the security information collected by the security information collection unit 11 are compared to calculate the degree of association between the reference source security information and the security information.
- the security information relevance calculation unit 16 acquires security information stored in the security information storage unit 12 based on a request from the input / output interface unit 15 and performs relevance determination.
- the security information relevance calculation unit 16 transmits the relevance determination result to the client terminal 30 via the input / output interface unit 15.
- the input / output interface unit 15 outputs the security information having a higher relevance calculated by the security information relevance calculation unit 16 to the client terminal 30 preferentially.
- The security information relevance calculation unit 16 uses, as setting information received from the client terminal 30 via the input / output interface unit 15, the reference source security information against which the relevance of the security information in the security information storage unit 12 is compared, a vulnerability score threshold, a product / service score threshold, a product / service provider score threshold, a country / organization name score threshold, and a cyber attack score threshold.
- The security information relevance calculation unit 16 refers to the security dictionary and extracts keywords from the reference source security information for each type of vulnerability, type of product or service, type of product provider or service provider, type of country or organization, or type of cyber attack.
- the security information relevance calculation unit 16 compares the keyword extracted from the reference source security information with the vulnerability keyword of each security information stored in the security information storage unit 12, and calculates a vulnerability score.
- The security information relevance calculation unit 16 refers to the security dictionary, extracts keywords from the reference source security information for each type of vulnerability, type of product or service, type of product provider or service provider, type of country or organization, or type of cyber attack, compares the keywords extracted from the reference source security information with the keywords included in the security information collected by the collection unit for each type, and calculates the degree of association between the reference source security information and the security information.
- FIG. 4 is a diagram illustrating an example of vulnerability score calculation processing by the security information relevance calculation unit.
- the security information relevance calculation unit 16 receives the reference source security information including the text and the body from the client terminal 30 via the input / output interface unit 15.
- The security information relevance calculation unit 16 extracts “buffer overflow” as a keyword included in the vulnerability dictionary from the reference source security information. Then, the security information relevance calculation unit 16 compares the keyword “buffer overflow” extracted from the reference source security information with the vulnerability keywords of the security information A and B stored in the security information storage unit 12 and calculates the vulnerability score.
- the vulnerability score “a” of security information A is calculated.
- the vulnerability keyword of the security information B is “cross-site scripting” and does not match the keyword extracted from the reference source security information.
- the vulnerability score “b” of the security information B is calculated.
- the vulnerability score “a” of the security information A is higher than the vulnerability score “b” of the security information B.
- the score may be calculated based on the number of matched keywords. For example, the vulnerability score of security information A is “1”, and the vulnerability score of security information B is “0”.
- Alternatively, a score may be calculated using a commercial or free machine learning library that can convert each into a feature vector and obtain the similarity between the feature vectors numerically.
- the security information relevance calculation unit 16 similarly calculates a product / service score for the “product / service dictionary”. Then, the security information relevance calculation unit 16 similarly calculates a product / service provider score for the “product / service provider dictionary”.
- the security information relevance calculation unit 16 similarly calculates a country / organization name score for the “country / organization name dictionary”. Then, the security information relevance calculation unit 16 similarly calculates a cyber attack score for the “cyber attack dictionary”. A weight may be set for each score.
- the security information relevance calculation unit 16 adds the scores. Then, the security information relevance calculation unit 16 sorts the security information in the security information storage unit 12 in descending order of the total score value. However, when sorting, security information having a score that falls below even one of the above five thresholds is excluded from sorting.
- the security information relevance calculation unit 16 transmits the security information to the input / output interface unit 15 in the sorted order.
- a systematic upper limit may be set for the number of pieces of security information transmitted at this time.
- FIG. 5 is a flowchart for explaining the flow of security information provision processing in the security information management device according to the first embodiment.
- When the security information relevance calculation unit 16 of the security information management apparatus 10 receives the reference source security information from the client terminal 30 via the input / output interface unit 15 (step S101), the security information relevance calculation unit 16 extracts keywords included in the security dictionary from the reference source security information (step S102).
- The security information relevance calculation unit 16 compares the keyword extracted from the reference source security information with the vulnerability keyword of each security information stored in the security information storage unit 12, and calculates a vulnerability score (step S103).
- the security information relevance calculation unit 16 calculates a product / service score for the “product / service dictionary” in the same manner as in step S103 (step S104). Then, the security information relevance calculation unit 16 calculates a product / service provider score for the “product / service provider dictionary” in the same manner as in step S103 (step S105).
- the security information relevance calculation unit 16 calculates a country / organization name score for the “country / organization name dictionary” in the same manner as in step S103 (step S106). Then, the security information relevance calculation unit 16 calculates a cyber attack score for the “cyber attack dictionary” as in step S103 (step S107).
- The security information relevance calculation unit 16 adds up the scores (step S108). It then sorts the security information stored in the security information storage unit 12 in descending order of total score (step S109). Security information whose score falls below even one of the five thresholds described above is excluded from the sort.
- The security information relevance calculation unit 16 then transmits the security information to the input/output interface unit 15 in the sorted order (step S110).
- The security information management apparatus 10 collects security information, that is, information related to security. Referring to a security dictionary that stores security-related keywords for each attribute, it extracts keywords from the reference source security information, which is the basis against which relevance to the security information is compared, and compares the extracted keywords with the keywords included in the collected security information to calculate the degree of relevance between the reference source security information and the security information. The security information management apparatus 10 then outputs security information preferentially, in order of higher calculated relevance. This makes it possible to easily output security information that is highly relevant to the reference source security information.
- The security information management apparatus 10 collects file information including security information from the security information providing server 20 at predetermined time intervals, extracts the title and text of the file information, and extracts the keywords included in the title and text.
- The security information management apparatus 10 compares the keywords included in the extracted title and text with the keywords extracted from the reference source security information to calculate the degree of relevance. The degree of relevance can therefore be calculated appropriately by comparing the keywords in the title and body of the security information with the keywords extracted from the reference source security information.
- The security information management apparatus 10 determines whether a keyword extracted from the reference source security information matches a keyword included in the collected security information and, when they match, calculates a higher degree of relevance than when they do not. The degree of relevance can therefore be calculated easily.
- The security information management apparatus 10 sorts the security information for which relevance has been calculated in descending order of relevance, and outputs the security information in the sorted order. Security information highly relevant to the reference source security information can therefore be output easily.
- In the security information management apparatus 10, security-related keywords are registered in the security dictionary for each attribute of security information: the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack. The security information management apparatus 10 refers to the security dictionary and extracts keywords from the reference source security information for each of these attributes. Keywords can therefore be extracted appropriately.
- The security information management apparatus 10 refers to the security dictionary, extracts keywords from the reference source security information for each of the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack, compares the keywords extracted from the reference source security information with the keywords included in the collected security information for each attribute, and calculates the degree of relevance between the reference source security information and the security information. The degree of relevance can therefore be calculated easily.
- Each component of each illustrated apparatus is functionally conceptual and does not necessarily need to be physically configured as illustrated.
- The specific form of distribution and integration of each apparatus is not limited to that shown in the figures; all or part of it may be functionally or physically distributed or integrated in arbitrary units according to various loads and usage conditions.
- For example, the security information collection unit 11 and the security information relevance calculation unit 16 may be integrated.
- All or any part of each processing function performed in each apparatus may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.
- FIG. 6 is a diagram illustrating a computer 1000 that executes a security information management program.
- The computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.
- The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012 as illustrated in FIG.
- The ROM 1011 stores a boot program such as a BIOS (Basic Input Output System).
- The hard disk drive interface 1030 is connected to the hard disk drive 1031 as illustrated in FIG.
- The disk drive interface 1040 is connected to the disk drive 1041 as illustrated in FIG.
- A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041.
- The serial port interface 1050 is connected to, for example, a mouse 1051 and a keyboard 1052 as illustrated in FIG.
- The video adapter 1060 is connected to, for example, a display 1061 as illustrated in FIG.
- The hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the security information management program is stored in, for example, the hard disk drive 1031 as a program module in which the commands executed by the computer 1000 are described.
- The various data described in the above embodiment are stored as program data in, for example, the memory 1010 or the hard disk drive 1031.
- The CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 or the hard disk drive 1031 into the RAM 1012 as necessary, and executes the various processing procedures.
- The program module 1093 and the program data 1094 related to the security information management program are not limited to being stored in the hard disk drive 1031; they may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive or the like.
- Alternatively, the program module 1093 and the program data 1094 related to the security information management program may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.) and read by the CPU 1020 via the network interface 1070.
- 10 Security information management apparatus, 11 Security information collection unit, 12 Security information storage unit, 13 Security dictionary memory
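The ranking flow of steps S108 to S110 (per-attribute keyword comparison, summed score, exclusion below any threshold, descending sort) can be illustrated as follows. This Python example is added here and is not code from the patent; the dictionary entries, sample items, threshold values, and the per-attribute score (count of keywords shared with the reference) are constructed assumptions, since the text only states that a match yields higher relevance than a non-match and that five thresholds exist.

```python
import re

# Constructed security dictionary: keywords registered per attribute.
# The five attributes are the ones the text names; the entries are invented.
SECURITY_DICTIONARY = {
    "vulnerability": {"sql injection", "buffer overflow", "cross-site scripting"},
    "product_or_service": {"examplecms", "examplevpn"},
    "provider": {"example corp", "sample systems"},
    "country_or_organization": {"exampleland", "example cert"},
    "cyber_attack": {"targeted attack", "phishing", "ddos"},
}

# Assumed thresholds, one per attribute (the text gives no values).
THRESHOLDS = {
    "vulnerability": 1,
    "product_or_service": 1,
    "provider": 0,
    "country_or_organization": 0,
    "cyber_attack": 0,
}

# Constructed reference source security information and collected items.
REFERENCE = ("ExampleCMS by Example Corp has a SQL injection flaw "
             "used in targeted attack campaigns.")
ITEMS = [
    {"id": "A", "title": "SQL injection in ExampleCMS",
     "body": "Example Corp released a patch. Targeted attack activity was reported."},
    {"id": "B", "title": "ExampleCMS SQL injection advisory",
     "body": "Upgrade to the fixed release."},
    {"id": "C", "title": "Phishing wave mentions Example Corp",
     "body": "Messages reference a targeted attack on ExampleCMS users."},
    {"id": "D", "title": "Buffer overflow in ExampleVPN",
     "body": "Sample Systems is investigating."},
]


def extract_keywords(text, dictionary=SECURITY_DICTIONARY):
    """Return {attribute: dictionary keywords that occur in text}."""
    lowered = text.lower()
    return {
        attr: {kw for kw in keywords
               # Whole-term match so "examplecms" does not hit "examplecmsx".
               if re.search(r"(?<!\w)" + re.escape(kw) + r"(?!\w)", lowered)}
        for attr, keywords in dictionary.items()
    }


def attribute_scores(reference_kw, item_kw):
    """Per-attribute score: number of keywords shared with the reference."""
    return {attr: len(reference_kw[attr] & item_kw[attr]) for attr in reference_kw}


def rank(reference_text, items, thresholds=THRESHOLDS):
    """Return [(total, id, per-attribute scores)] in descending total order."""
    reference_kw = extract_keywords(reference_text)
    ranked = []
    for item in items:
        # Keywords are taken from the title and the body, as in the text.
        item_kw = extract_keywords(item["title"] + "\n" + item["body"])
        scores = attribute_scores(reference_kw, item_kw)
        # Below even one threshold: excluded from the sort entirely.
        if any(scores[attr] < thresholds[attr] for attr in scores):
            continue
        ranked.append((sum(scores.values()), item["id"], scores))
    ranked.sort(key=lambda entry: (-entry[0], entry[1]))
    return ranked


if __name__ == "__main__":
    for total, item_id, scores in rank(REFERENCE, ITEMS):
        print(item_id, total, scores)
```

Item C shares three keywords with the reference, more than item B, yet it is dropped because its vulnerability score is below that attribute's threshold.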
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Description
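In the following embodiment, the flow of processing by the security information management system and the security information management method according to the first embodiment is described in order, and finally the effects of the first embodiment are described.
First, an example of the configuration of the security information management system 100 to which the security information management apparatus according to the first embodiment is applied is described. FIG. 1 is a diagram illustrating an example of the configuration of the security information management system according to the first embodiment. As illustrated in FIG. 1, the security information management system 100 to which the security information management apparatus 10 according to the first embodiment is applied includes the security information management apparatus 10, a security information providing server 20, and a client terminal 30. In the security information management system 100, the security information management apparatus 10 and the security information providing server 20 are connected via the Internet 40. The security information management apparatus 10 is connected to the client terminal 30 via the input/output interface unit 15.
Next, the configuration of the security information management apparatus 10 illustrated in FIG. 1 is described. As illustrated in FIG. 1, the security information management apparatus 10 includes a security information collection unit 11, a security information storage unit 12, a security dictionary storage unit 13, a security dictionary management unit 14, an input/output interface unit 15, and a security information relevance calculation unit 16.
Next, the processing performed by the security information management apparatus 10 according to the first embodiment is described with reference to FIG. 5. FIG. 5 is a flowchart for explaining the flow of the security information providing process in the security information management apparatus according to the first embodiment.
As described above, the security information management apparatus 10 according to the first embodiment collects security information, that is, information related to security. Referring to a security dictionary that stores security-related keywords for each attribute, the security information management apparatus 10 extracts keywords from the reference source security information, which is the basis against which relevance to the security information is compared, and compares the extracted keywords with the keywords included in the collected security information to calculate the degree of relevance between the reference source security information and the security information. The security information management apparatus 10 then outputs security information preferentially, in order of higher calculated relevance. This makes it possible to easily output security information that is highly relevant to the reference source security information.
Each component of each illustrated apparatus is functionally conceptual and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution and integration of each apparatus is not limited to that illustrated, and all or part of it can be functionally or physically distributed or integrated in arbitrary units according to various loads, usage conditions, and the like. For example, the security information collection unit 11 and the security information relevance calculation unit 16 may be integrated. Furthermore, all or any part of each processing function performed in each apparatus may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.
It is also possible to create a program in which the processing executed by the security information management apparatus 10 described in the above embodiment is written in a computer-executable language. For example, a security information management program can be created in which the processing executed by the security information management apparatus 10 according to the first embodiment is written in a computer-executable language. In this case, the same effects as in the above embodiment can be obtained when a computer executes the security information management program. Furthermore, the same processing as in the first embodiment may be realized by recording the security information management program on a computer-readable recording medium and having a computer read and execute the security information management program recorded on that medium. An example of a computer that executes a security information management program realizing the same functions as the security information management apparatus 10 illustrated in FIG. 1 is described below.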
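11 Security information collection unit
12 Security information storage unit
13 Security dictionary storage unit
14 Security dictionary management unit
15 Input/output interface unit
16 Security information relevance calculation unit
20 Security information providing server
30 Client terminal
40 Internet
100 Security information management system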
Claims (12)
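- A security information management system comprising:
a collection unit that collects security information, which is information related to security;
a calculation unit that refers to a security dictionary storing security-related keywords for each attribute, extracts keywords from reference source security information that serves as the basis for comparing relevance with the security information, compares the extracted keywords with keywords included in the security information collected by the collection unit, and calculates a degree of relevance between the reference source security information and the security information; and
an output unit that outputs security information preferentially the higher the degree of relevance calculated by the calculation unit.
- The security information management system according to claim 1, wherein the collection unit collects file information including security information from an external apparatus at predetermined time intervals, extracts a title and a body of the file information, and extracts keywords included in the title and the body, and
the calculation unit calculates the degree of relevance by comparing the keywords included in the title and the body extracted by the collection unit with the keywords extracted from the reference source security information.
- The security information management system according to claim 1, wherein the calculation unit determines whether a keyword extracted from the reference source security information matches a keyword included in the security information collected by the collection unit and, when they match, calculates a higher degree of relevance than when they do not match.
- The security information management system according to claim 2, wherein the calculation unit determines whether a keyword extracted from the reference source security information matches a keyword included in the security information collected by the collection unit and, when they match, calculates a higher degree of relevance than when they do not match.
- The security information management system according to claim 1, wherein the calculation unit sorts the security information for which the degree of relevance has been calculated in descending order of relevance, and
the output unit outputs the security information in the order sorted by the calculation unit.
- The security information management system according to claim 2, wherein the calculation unit sorts the security information for which the degree of relevance has been calculated in descending order of relevance, and
the output unit outputs the security information in the order sorted by the calculation unit.
- The security information management system according to claim 3, wherein the calculation unit sorts the security information for which the degree of relevance has been calculated in descending order of relevance, and
the output unit outputs the security information in the order sorted by the calculation unit.
- The security information management system according to claim 4, wherein the calculation unit sorts the security information for which the degree of relevance has been calculated in descending order of relevance, and
the output unit outputs the security information in the order sorted by the calculation unit.
- The security information management system according to any one of claims 1 to 8, wherein security-related keywords are registered in the security dictionary for each attribute of the security information, namely for each type of vulnerability, type of product or service, type of product provider or service provider, type of country or organization, or type of cyber attack, and
the calculation unit refers to the security dictionary and extracts keywords from the reference source security information for each of the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack.
- The security information management system according to claim 9, wherein the calculation unit refers to the security dictionary, extracts keywords from the reference source security information for each of the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack, compares each of the keywords extracted from the reference source security information with the keywords included in the security information collected by the collection unit, and calculates the degree of relevance between the reference source security information and the security information.
- The security information management system according to claim 10, wherein the calculation unit refers to the security dictionary, extracts keywords from the reference source security information for each of the type of vulnerability, the type of product or service, the type of product provider or service provider, the type of country or organization, or the type of cyber attack, compares each of the keywords extracted from the reference source security information with the keywords included in the security information collected by the collection unit to calculate degrees of relevance, and sums the degrees of relevance to calculate a score, and
the output unit outputs security information preferentially the higher the score calculated by the calculation unit.
- A security information management method executed by a security information management apparatus, the method comprising:
a collection step of collecting security information, which is information related to security;
a calculation step of referring to a security dictionary storing security-related keywords for each attribute, extracting keywords from reference source security information that serves as the basis for comparing relevance with the security information, comparing the extracted keywords with keywords included in the security information collected in the collection step, and calculating a degree of relevance between the reference source security information and the security information; and
an output step of outputting security information preferentially the higher the degree of relevance calculated in the calculation step.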
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP14816872.7A EP2998884B1 (en) | 2013-06-24 | 2014-06-18 | Security information management system and security information management method |
US14/898,388 US10789366B2 (en) | 2013-06-24 | 2014-06-18 | Security information management system and security information management method |
JP2015524004A JP6042541B2 (ja) | 2013-06-24 | 2014-06-18 | セキュリティ情報管理システム、セキュリティ情報管理方法及びセキュリティ情報管理プログラム |
CN201480035891.2A CN105359139B (zh) | 2013-06-24 | 2014-06-18 | 安全信息管理系统及安全信息管理方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013132057 | 2013-06-24 | ||
JP2013-132057 | 2013-06-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014208427A1 (ja) | 2014-12-31 |
Family
ID=52141767
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/066193 WO2014208427A1 (ja) | 2013-06-24 | 2014-06-18 | セキュリティ情報管理システム及びセキュリティ情報管理方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10789366B2 (ja) |
EP (1) | EP2998884B1 (ja) |
JP (1) | JP6042541B2 (ja) |
CN (1) | CN105359139B (ja) |
WO (1) | WO2014208427A1 (ja) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019125267A (ja) * | 2018-01-18 | 2019-07-25 | 富士通株式会社 | サイバー脅威評価装置、サイバー脅威評価プログラムおよびサイバー脅威評価方法 |
JP2019145091A (ja) * | 2018-01-12 | 2019-08-29 | ザ・ボーイング・カンパニーThe Boeing Company | 予測されるサイバー防御 |
JP2019197389A (ja) * | 2018-05-10 | 2019-11-14 | 株式会社日立製作所 | 構造化支援システム及び構造化支援方法 |
JP2020052767A (ja) * | 2018-09-27 | 2020-04-02 | Kddi株式会社 | 脆弱性推定装置及び脆弱性推定方法 |
JP2021093176A (ja) * | 2015-12-14 | 2021-06-17 | 日本電気株式会社 | セキュリティ情報分析方法、セキュリティ情報分析システム、及び、プログラム |
WO2021144954A1 (en) * | 2020-01-17 | 2021-07-22 | Nec Corporation | Attack information processing apparatus, attack information processing method, and computer readable medium |
WO2022185576A1 (ja) | 2021-03-02 | 2022-09-09 | 株式会社日立製作所 | 不正侵害分析支援装置、及び不正侵害分析支援方法 |
WO2023181145A1 (ja) * | 2022-03-23 | 2023-09-28 | 三菱電機株式会社 | リスク抽出装置、リスク抽出方法、リスク抽出プログラム |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11550920B2 (en) * | 2017-01-31 | 2023-01-10 | Nippon Telegraph And Telephone Corporation | Determination apparatus, determination method, and determination program |
DE102017202002A1 (de) | 2017-02-08 | 2018-08-09 | Siemens Aktiengesellschaft | Verfahren und Computer zum kryptografischen Schützen von Steuerungskommunikation in und/oder Service-Zugang zu IT-Systemen, insbesondere im Zusammenhang mit der Diagnose und Konfiguration in einem Automatisierungs-, Steuerungs- oder Kontrollsystem |
CN107038381A (zh) * | 2017-04-14 | 2017-08-11 | 济南浪潮高新科技投资发展有限公司 | 一种基于绑定机制的管理固件保护方法 |
GB2563618B (en) * | 2017-06-20 | 2020-09-16 | Arm Ip Ltd | Electronic system vulnerability assessment |
CN110851826B (zh) * | 2018-08-01 | 2023-07-11 | 深信服科技股份有限公司 | 一种篡改页面的检测方法、装置、设备及可读存储介质 |
CN112152964A (zh) * | 2019-06-26 | 2020-12-29 | 中兴通讯股份有限公司 | 网络攻击防御方法、装置、接收设备及计算机存储介质 |
KR20210081156A (ko) * | 2019-12-23 | 2021-07-01 | 삼성전자주식회사 | 전자 장치 및 그 제어 방법 |
KR102287394B1 (ko) * | 2020-12-21 | 2021-08-06 | 한국인터넷진흥원 | 익스플로잇 공격 유형 분류 방법 및 그 장치 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007058514A (ja) * | 2005-08-24 | 2007-03-08 | Mitsubishi Electric Corp | 情報処理装置及び情報処理方法及びプログラム |
JP2009015570A (ja) * | 2007-07-04 | 2009-01-22 | Nippon Telegr & Teleph Corp <Ntt> | 脆弱性情報流通システムおよび方法 |
JP4935399B2 (ja) | 2007-02-13 | 2012-05-23 | 日本電気株式会社 | セキュリティ運用管理システム、方法およびプログラム |
JP2012243268A (ja) * | 2011-05-24 | 2012-12-10 | Nec Corp | 業務フロー検索装置、業務フロー検索方法、およびプログラム |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001043236A (ja) * | 1999-07-30 | 2001-02-16 | Matsushita Electric Ind Co Ltd | 類似語抽出方法、文書検索方法及びこれらに用いる装置 |
US6807569B1 (en) * | 2000-09-12 | 2004-10-19 | Science Applications International Corporation | Trusted and anonymous system and method for sharing threat data to industry assets |
US20020038430A1 (en) * | 2000-09-13 | 2002-03-28 | Charles Edwards | System and method of data collection, processing, analysis, and annotation for monitoring cyber-threats and the notification thereof to subscribers |
JP4363868B2 (ja) | 2002-08-23 | 2009-11-11 | 株式会社東芝 | 検索キーワード分析プログラム及びシステム並びに方法 |
US7941491B2 (en) * | 2004-06-04 | 2011-05-10 | Messagemind, Inc. | System and method for dynamic adaptive user-based prioritization and display of electronic messages |
JP4581520B2 (ja) * | 2004-07-09 | 2010-11-17 | 富士ゼロックス株式会社 | ドキュメント管理プログラム、ドキュメント管理方法、及びドキュメント管理装置 |
US8544098B2 (en) * | 2005-09-22 | 2013-09-24 | Alcatel Lucent | Security vulnerability information aggregation |
US7624103B2 (en) * | 2006-07-21 | 2009-11-24 | Aol Llc | Culturally relevant search results |
US8302197B2 (en) * | 2007-06-28 | 2012-10-30 | Microsoft Corporation | Identifying data associated with security issue attributes |
US8166551B2 (en) * | 2007-07-17 | 2012-04-24 | Oracle International Corporation | Automated security manager |
JP5079019B2 (ja) | 2008-01-08 | 2012-11-21 | 三菱電機株式会社 | 情報フィルタリングシステム、情報フィルタリング方法および情報フィルタリングプログラム |
US8886728B2 (en) * | 2008-12-12 | 2014-11-11 | At&T Intellectual Property I, L.P. | Method and apparatus for reclassifying e-mail or modifying a spam filter based on users' input |
US8041729B2 (en) * | 2009-02-20 | 2011-10-18 | Yahoo! Inc. | Categorizing queries and expanding keywords with a coreference graph |
JP2011003182A (ja) * | 2009-05-19 | 2011-01-06 | Studio Ousia Inc | キーワード表示方法およびそのシステム |
JP2011141840A (ja) * | 2010-01-08 | 2011-07-21 | Toshiba Corp | イベント通知装置およびイベント通知方法 |
JP5776169B2 (ja) * | 2010-11-30 | 2015-09-09 | アイシン・エィ・ダブリュ株式会社 | 交通環境情報辞書作成装置、交通環境情報辞書作成方法、及び交通環境情報辞書作成プログラム |
CN103299304B (zh) * | 2011-01-13 | 2016-09-28 | 三菱电机株式会社 | 分类规则生成装置和分类规则生成方法 |
JP5638590B2 (ja) * | 2012-11-22 | 2014-12-10 | 株式会社東芝 | コンテンツ出力装置、コンテンツ出力方法及びプログラム |
-
2014
- 2014-06-18 JP JP2015524004A patent/JP6042541B2/ja active Active
- 2014-06-18 CN CN201480035891.2A patent/CN105359139B/zh active Active
- 2014-06-18 WO PCT/JP2014/066193 patent/WO2014208427A1/ja active Application Filing
- 2014-06-18 US US14/898,388 patent/US10789366B2/en active Active
- 2014-06-18 EP EP14816872.7A patent/EP2998884B1/en active Active
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11689547B2 (en) | 2015-12-14 | 2023-06-27 | Nec Corporation | Information analysis system, information analysis method, and recording medium |
JP2021093176A (ja) * | 2015-12-14 | 2021-06-17 | 日本電気株式会社 | セキュリティ情報分析方法、セキュリティ情報分析システム、及び、プログラム |
JP7120350B2 (ja) | 2015-12-14 | 2022-08-17 | 日本電気株式会社 | セキュリティ情報分析方法、セキュリティ情報分析システム、及び、プログラム |
JP2019145091A (ja) * | 2018-01-12 | 2019-08-29 | ザ・ボーイング・カンパニーThe Boeing Company | 予測されるサイバー防御 |
JP7223579B2 (ja) | 2018-01-12 | 2023-02-16 | ザ・ボーイング・カンパニー | 予測されるサイバー防御 |
JP2019125267A (ja) * | 2018-01-18 | 2019-07-25 | 富士通株式会社 | サイバー脅威評価装置、サイバー脅威評価プログラムおよびサイバー脅威評価方法 |
JP2019197389A (ja) * | 2018-05-10 | 2019-11-14 | 株式会社日立製作所 | 構造化支援システム及び構造化支援方法 |
JP2020052767A (ja) * | 2018-09-27 | 2020-04-02 | Kddi株式会社 | 脆弱性推定装置及び脆弱性推定方法 |
WO2021144954A1 (en) * | 2020-01-17 | 2021-07-22 | Nec Corporation | Attack information processing apparatus, attack information processing method, and computer readable medium |
JP7473246B2 (ja) | 2020-01-17 | 2024-04-23 | 日本電気株式会社 | 攻撃情報処理装置、攻撃情報処理方法及び攻撃情報処理プログラム |
WO2022185576A1 (ja) | 2021-03-02 | 2022-09-09 | 株式会社日立製作所 | 不正侵害分析支援装置、及び不正侵害分析支援方法 |
WO2023181145A1 (ja) * | 2022-03-23 | 2023-09-28 | 三菱電機株式会社 | リスク抽出装置、リスク抽出方法、リスク抽出プログラム |
JP7433551B1 (ja) | 2022-03-23 | 2024-02-19 | 三菱電機株式会社 | リスク抽出装置、リスク抽出方法、リスク抽出プログラム |
Also Published As
Publication number | Publication date |
---|---|
US10789366B2 (en) | 2020-09-29 |
EP2998884B1 (en) | 2017-11-01 |
JPWO2014208427A1 (ja) | 2017-02-23 |
JP6042541B2 (ja) | 2016-12-14 |
CN105359139B (zh) | 2019-04-09 |
CN105359139A (zh) | 2016-02-24 |
EP2998884A4 (en) | 2016-12-28 |
US20160140344A1 (en) | 2016-05-19 |
EP2998884A1 (en) | 2016-03-23 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 201480035891.2; Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14816872; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2015524004; Country of ref document: JP; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 14898388; Country of ref document: US |
| | REEP | Request for entry into the european phase | Ref document number: 2014816872; Country of ref document: EP |
| | WWE | Wipo information: entry into national phase | Ref document number: 2014816872; Country of ref document: EP |
| | NENP | Non-entry into the national phase | Ref country code: DE |