WO2022003868A1 - Système de production de journal, procédé de production de journal et support lisible par ordinateur - Google Patents

Système de production de journal, procédé de production de journal et support lisible par ordinateur Download PDF

Info

Publication number
WO2022003868A1
WO2022003868A1 PCT/JP2020/025856 JP2020025856W WO2022003868A1 WO 2022003868 A1 WO2022003868 A1 WO 2022003868A1 JP 2020025856 W JP2020025856 W JP 2020025856W WO 2022003868 A1 WO2022003868 A1 WO 2022003868A1
Authority
WO
WIPO (PCT)
Prior art keywords
log
user operation
model
event group
simulated
Prior art date
Application number
PCT/JP2020/025856
Other languages
English (en)
Japanese (ja)
Inventor
成佳 島
太地 羽角
公一 毛利
俊俊 鄭
慶弘 藤枝
Original Assignee
日本電気株式会社
学校法人立命館
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社, 学校法人立命館 filed Critical 日本電気株式会社
Priority to PCT/JP2020/025856 priority Critical patent/WO2022003868A1/fr
Priority to JP2022532923A priority patent/JP7421196B2/ja
Publication of WO2022003868A1 publication Critical patent/WO2022003868A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Definitions

  • This disclosure relates to a log generation system, a log generation method, and a computer-readable medium.
  • the normal log is acquired by manually creating it or by recording the log of the normal operation on the terminal for a long period of time under the environment assumed in advance.
  • a huge number of normal logs are required to carry out cyber security exercises. This is because, in order to improve the survey skill, the student needs to take the cyber security exercise multiple times, but the survey skill does not improve if the same normal log is reused, so practice the normal log. This is because it is necessary to prepare a new one each time.
  • Patent Document 1 the extraction operation history extracted from the operation history information of the production environment system is modified so as to eliminate the inconsistency between the operation histories, and the operation of the production environment system is simulated in the mock test system. A simulated system is disclosed.
  • Patent Document 2 an operator that simulates an operation procedure by extracting necessary operation history from system log data acquired from an operation support system in an actual operation environment and applying parameters such as a device number for the test environment. Pseudo-systems are disclosed.
  • the object of the present disclosure is a log generation system, a log generation method, and a log generation system capable of generating a normal log in a wider variety without manual operation and log output from a terminal operating under the setting environment. It is to provide a computer-readable medium.
  • the log generation system is based on a log extraction unit that extracts logs related to user operations of a target application from log data composed of log groups, and a time-series list of the extracted logs.
  • a log extraction unit that extracts logs related to user operations of a target application from log data composed of log groups, and a time-series list of the extracted logs.
  • the model generator that generates the user operation model that estimates the transition of the user operation state associated with the event group, and the information about the transition of the user operation state that is estimated using the generated user operation model.
  • It is provided with a simulated log generation unit that generates simulated user operation log data.
  • the event group includes one or more events composed of one or more logs.
  • the log generation method is based on a log extraction step for extracting a log related to a user operation of a target application from log data composed of a log group, and a time-series list of the extracted logs.
  • a log extraction step for extracting a log related to a user operation of a target application from log data composed of a log group, and a time-series list of the extracted logs.
  • a simulated log generation step for generating simulated user operation log data is provided.
  • the event group includes one or more events composed of one or more logs.
  • a log generation program is stored in the non-temporary computer-readable medium according to one aspect of the present disclosure.
  • the log generation program is associated with an event group based on a log extraction step that extracts logs related to user operations of the target application from log data composed of log groups and a time-series list of the extracted logs.
  • Simulated user operation log data based on the model generation step to generate the user operation model that estimates the transition of the user operation state and the information about the transition of the user operation state estimated using the generated user operation model.
  • the event group includes one or more events composed of one or more logs.
  • the present disclosure provides a log generation system, a log generation method, and a computer-readable medium that can generate abundant variations of normal logs without manual log output and log output from a terminal operating in a setting environment. can.
  • FIG. It is a block diagram which shows the structure of the log generation system which concerns on Embodiment 1.
  • FIG. It is a block diagram which shows an example of the structure of the log generation apparatus which concerns on Embodiment 2.
  • FIG. It is a conceptual diagram of the event group which concerns on Embodiment 2.
  • It is a figure which shows an example of the data structure of the extraction rule which concerns on Embodiment 2.
  • FIG. It is a figure which shows an example of the data structure of the observation symbol table which concerns on Embodiment 2.
  • FIG. It is a figure which shows an example of the data structure of the event group-log correspondence table which concerns on Embodiment 2.
  • FIG. It is a flowchart which shows an example of the processing of the log generation apparatus which concerns on Embodiment 2.
  • FIG. It is a figure for demonstrating an example of the user operation model generation processing of the log generation apparatus which concerns on Embodiment 2.
  • FIG. It is a flowchart which shows an example of the simulated log generation processing of the log generation apparatus which concerns on Embodiment 2.
  • FIG. It is a block diagram which shows an example of the structure of the log generation apparatus which concerns on Embodiment 3.
  • FIG. 1 is a block diagram showing a configuration of a log generation system 10 according to the first embodiment.
  • the log generation system 10 includes a log extraction unit 12, a model generation unit 13, and a simulated log generation unit 14.
  • the log extraction unit 12 extracts the log related to the user operation of the target application from the log data composed of the log group.
  • the model generation unit 13 generates a user operation model that estimates the transition of the user operation state based on the time series list of the logs extracted by the log extraction unit 12.
  • the user operation state is associated with the event group.
  • the event group includes one or more events, and the event is composed of one or more logs.
  • the simulated log generation unit 14 generates simulated user operation log data based on the information regarding the transition of the user operation state estimated by using the generated user operation model.
  • the log generation system 10 simulates the transition of the potential user operation state and generates the simulated user operation log data based on the simulated transition. Therefore, the log generation system 10 can generate abundant variations of normal logs without log output from a terminal operating under the set environment and manual operation.
  • FIG. 2 is a block diagram showing an example of the configuration of the log generation system (hereinafter, referred to as a log generation device) 20 according to the second embodiment.
  • the log generation device 20 is a computer that generates normal logs required for cyber security exercises.
  • the normal log refers to the log related to the operation performed as a normal business under the setting environment.
  • a log is a record that consists of multiple lines of log text.
  • the log generation device 20 includes a log data acquisition unit 21, a log extraction unit 22, a model generation unit 23, a simulated log generation unit 24, an extraction rule storage unit 25, a model generation information storage unit 26, and log generation information.
  • a storage unit 27 and a simulated log storage unit 28 are provided.
  • the log data acquisition unit 21 acquires log data composed of log groups from a log collection computer (not shown) connected to the log generation device 20 via a network.
  • a log collection tool is installed on the log collection computer.
  • the log collection computer collects the log data generated by the computer by using the log collection tool, and outputs the collected log data to the log generation device 20.
  • the log collection tool is CDIR-Collector.
  • CDIR-Collector collects Windows®-specific binary logs.
  • each log is converted into a JSON file by placeo. In this case, the log data acquisition unit 21 acquires the log data of the log group converted into the JSON file.
  • the log extraction unit 22 extracts the log related to the user operation of the specified application to be extracted (referred to as the target application) from the acquired log data according to the extraction rule.
  • the extraction rule is created in advance based on the domain knowledge and stored in the extraction rule storage unit 25.
  • the model generation unit 23 generates a time-series list of the extracted logs, and generates a user operation model based on the time-series list of the logs.
  • the user operation model is a model for estimating the transition of the user operation state, that is, the sequence of the user operation state.
  • the user operation state is a state related to the user operation associated with the event group. Therefore, the user operation model may be a model for estimating the event group generated when the user operation state is changed in addition to the user operation state.
  • FIG. 3 is a conceptual diagram of the event group according to the second embodiment.
  • An event group is a group of events that occur in response to a user operation and includes one or more events.
  • the event indicates the operation of the computer caused by the user operation, and one or more logs are output as a result of the occurrence of the event.
  • the event group 1 includes event 1, event 2, events 3a, 3b, and event 4.
  • the computer executes the lnk file in response to the user operation requesting the execution of the lnk file (event 1). Then, the lnk execution log is output. Following event 1, the computer executes an exe file using the shell (event 2). Then, exe execution logs 1 to 3 are output. Following event 2, the computer spawns and executes child processes 1 and 2 (events 3a, 3b). Then, the child process 1 execution log and the child process 2 execution log are output, respectively. Following event 3a, the computer changes the access token by the parent process (event 4). And the log related to the change is output.
  • the process of the event that is the starting point of the event group is called a parent process, and the process called from the parent process is called a child process.
  • one user operation causes one or more events corresponding to the user operation, and these events form an event group. Then, one or more logs are output for each event.
  • the user operation may be an operation related to an execution request of a program such as a lnk file as shown in this example, or an operation related to a search request of a Web page.
  • the user operation state refers to a state in which such a request is made by the user's operation. Examples of the user operation state include "Program_Operation" and "Browser_Usage".
  • the model generation unit 23 treats the event group as an observation symbol and converts the time series list of the log into a sequence of observation symbols (observation sequence).
  • An observation symbol is a symbol that identifies an observed event group. The conversion to the observation sequence is performed using the observation symbol table described later. Then, the model generation unit 23 uses an observation sequence as learning data to generate a user operation model that estimates a user operation state and an event group that occurs when the user operation state transitions to the user operation state.
  • the simulated log generation unit 24 estimates the user operation state using the generated user operation model, and generates simulated user operation log data based on the information regarding the transition of the estimated user operation state.
  • the simulated log generation unit 24 estimates the next user operation state and the event group generated when the transition to the next user operation state occurs by using the user operation model. Then, the simulated log generation unit 24 acquires log configuration information in which the log configuration included in the estimated event group is described from the event group-log correspondence table (EG log correspondence table) described later. Then, the simulated log generation unit 24 generates simulated user operation log data using the log configuration information and the system configuration information.
  • EG log correspondence table event group-log correspondence table
  • the system configuration information is a system-dependent parameter used in the processing of the simulated log generation unit 24.
  • the system configuration information includes a computer name, a user name, an IP address, a log generation start time, a log generation end time, and the like.
  • the system configuration information may be created, for example, by the administrator of the log generation device 20, and may be input via the administrator's terminal or the like.
  • the extraction rule storage unit 25 is a storage medium that stores the extraction rules used by the log extraction unit 22.
  • the model generation information storage unit 26 is a storage medium for storing the observation symbol table used by the model generation unit 23.
  • the log generation information storage unit 27 is a storage medium for storing the EG log correspondence table and system configuration information used by the simulated log generation unit 24.
  • the simulated log storage unit 28 is a storage medium that stores and stores simulated user operation log data generated by the simulated log generation unit 24.
  • FIG. 4 is a diagram showing an example of the data structure of the extraction rule according to the second embodiment.
  • Extraction rules specify the log type that corresponds to the application.
  • the log type is described in the log included in the acquired log data, and is acquired from the log by the log extraction unit 22.
  • the extraction rule associates the application identification information (application ID) defined according to the type of application with the log type.
  • application ID application identification information
  • the log type logs whose log type identification information (log type ID) is T1 to T5 are logs corresponding to the same type of application, and the application ID is "AP001".
  • a log having a log type ID of T6 is a log corresponding to a log having a log type ID of T1 to T5 and a different type of application, and the application ID is "AP002".
  • FIG. 5 is a diagram showing an example of the data structure of the observation symbol table according to the second embodiment.
  • the observation symbol table may be observed when the log identification information included in the event corresponding to the parent process in the event group (first event), the user operation state, and the user operation state are changed. Associate with an observation symbol.
  • the event group that may occur when transitioning to one user operation state is not limited to one, and there may be a plurality of event groups.
  • a different event group is generated for each program related to the execution request. That is, when the event group is treated as an observation symbol, one user operation state may be associated with one observation symbol, or may be associated with a plurality of observation symbols.
  • the user operation status and observation symbol can be specified from the log of the parent process.
  • the observation symbol table uses the log type ID of the log included in the first event and the key information included in the log as the identification information of the log included in the first event corresponding to the parent process. include.
  • the user operation state is specified from the log type ID included in the first event in the observation symbol table.
  • the observation symbol is specified by the combination of the log type ID of the log included in the first event in the observation symbol table and the key information.
  • the model generation unit 23 can easily identify the observation symbol from the log included in the first event corresponding to the parent process among the extracted logs by using the observation symbol table, thereby observing. The sequence can be easily generated. Further, the model generation unit 23 can specify each user operation state and the observation symbol associated with the user operation state by using the observation symbol table, and define the user operation model.
  • FIG. 6 is a diagram showing an example of the data structure of the EG log correspondence table according to the second embodiment.
  • the EG log correspondence table is a table that associates the event group with the time-series relationship (context relationship) between the events included in the event group and the log configuration information of the log included in the event.
  • the EG log correspondence table has an observation symbol item as information for identifying the event group.
  • the EG log correspondence table has items of an event ID and an ID (parent event ID) of the parent event of the event as information indicating the context between the events. This represents the events in the event group as a tree structure.
  • the EG log correspondence table has log configuration parameters and log type items as log configuration information.
  • the log configuration parameter is described in the log such as “appication_focus_count”, “key_path” and “value_name”, and is a parameter that constitutes the log.
  • the context and log configuration information between events are predetermined in consideration of consistency such as the output order of processes between events and within the event.
  • FIG. 7 is a flowchart showing an example of the processing of the log generation device 20 according to the second embodiment.
  • the log data acquisition unit 21 of the log generation device 20 acquires the log data collected by the log collection computer (not shown) from the log collection computer (step S10).
  • the log data acquisition unit 21 supplies the acquired log data to the log extraction unit 22.
  • the log extraction unit 22 extracts the log related to the user operation of the designated target application from the log data according to the extraction rule (step S11). In this case, the log extraction unit 22 extracts the log of the log type associated with the application ID corresponding to the target application in the extraction rule. If there are a plurality of target applications, the logs related to user operations are classified for each target application, and the processes shown in subsequent steps S12 to S15 are repeated for each target application. The log extraction unit 22 supplies the extracted logs to the model generation unit 23.
  • the model generation unit 23 reads the time stamp from the extracted log, arranges the extracted logs in chronological order, and generates a time-series list (step S12).
  • the model generation unit 23 uses the observation symbol table to convert a plurality of logs included in the log time-series list into observation symbols in event group units, and generates an observation sequence (step S13).
  • the model generation unit 23 reads the log type from the log included in the event corresponding to the parent process for each of the event groups included in the time series list of the log.
  • the model generation unit 23 searches the log for the key associated with the log type in the observation symbol table, and determines the observation symbol of the event group according to the hit key.
  • the model generation unit 23 generates an observation sequence by replacing each of the event groups included in the time series list of the log with the determined observation symbol.
  • the model generation unit 23 generates a user operation model from the observation sequence (step S14).
  • the hidden Markov model is used to generate the user operation model.
  • the present invention is not limited to this, and any other model based on the state transition such as a recurrent neural network (RNN) may be used to generate the user operation model.
  • RNN recurrent neural network
  • FIG. 8 is a diagram for explaining an example of the user operation model generation process of the log generation device 20 according to the second embodiment.
  • hidden states X T at a certain point in time, according to the state transition probability matrix A a transition to hidden states X T + 1 at the next time point.
  • the observation symbol OT + 1 at the next time point is probabilistic from the list of observation symbols that may be output when transitioning to the hidden state XT + 1 in the model based on the observation symbol output probability matrix B. Is selected for.
  • the observation sequence O corresponds to the observation sequence generated in step S13
  • the hidden state transition sequence X corresponds to the sequence of the user operation state.
  • the predicted hidden state XT + 1 at the next time point corresponds to the user operation state at the next time point
  • the predicted observation symbol OT + 1 identifies the event group at the next time point.
  • the model generation unit 23 Upon generation, the model generation unit 23 first grasps the user operation state and one or more observation symbols that may be observed when transitioning to each user operation state from the observation symbol table, and creates a user operation model. Define. Then, the model generation unit 23 optimizes the state transition probability matrix A and the observation symbol output probability matrix B, which are the parameters in the model, by using the observation sequence as training data based on the defined user operation model. As a result, the model generation unit 23 generates a user operation model by learning. The model generation unit 23 supplies the user operation model to the simulated log generation unit 24.
  • the simulated log generation unit 24 performs a simulated log generation process based on the state transition using the user operation model (step S15). Then, the simulated log generation unit 24 ends the process.
  • FIG. 9 is a flowchart showing an example of the simulated log generation process (that is, the process shown in step S15 of FIG. 7) of the log generation device 20 according to the second embodiment.
  • the simulated log generation unit 24 repeats the processes shown in the following steps S20 to S25.
  • the simulated log generation unit 24 uses the log configuration information of the EG log correspondence table to describe each event of the event group represented by the tree structure as a log template, thereby creating a simulated user operation log template. Generate (step S22).
  • the simulated log generation unit 24 stores the generated simulated user operation log in the simulated log storage unit 28 (step S25).
  • the simulated log generation unit 24 determines whether or not to end the simulated log generation process (step S26). When the simulated log generation unit 24 determines that the simulated log generation process is to be completed (Yes in step S26), the simulated log generation unit 24 ends the process, and if not (No in step S26), increments "T" to step the process. Return to S20.
  • the simulated user operation log generation unit 24 sequentially generates simulated user operation logs while transitioning the user operation state using the user operation model.
  • the simulation log generation unit 24 estimates the sequence of user operation states and the sequence of event groups using the user operation model, and summarizes the simulated user operation logs using the EG log correspondence table. May be generated.
  • the log generation device 20 models the event group unit, simulates the transition of the potential user operation state using the model, and details based on the simulated transition. Generate simulated user operation log data. Therefore, the log generation system 20 can generate new normal logs with abundant variations, although the log generation system 20 tends to be similar to the normal log, but the log order and type are strictly different. Further, the log generation device 20 can generate a large amount of normal logs without outputting logs from terminals operating under the set environment and manually.
  • the log generation device 20 since the log generation device 20 generates simulated user operation log data by using the EG log correspondence table in which the consistency between events and within the event is considered in advance, the log generation device 20 generates a consistent and near-real normal log. can do.
  • FIG. 10 is a block diagram showing an example of the configuration of the log generation device 30 according to the third embodiment.
  • the log generation device 30 according to the third embodiment has basically the same configuration and function as the log generation device 20 according to the second embodiment.
  • the log generation device 30 is different in that it has a reference log data acquisition unit 31 and a corresponding table generation unit 32 in addition to the configuration of the log generation device 20.
  • the reference log data acquisition unit 31 acquires a plurality of reference log data for generating an EG log correspondence table from the log collection device. Then, the reference log data acquisition unit 31 supplies the acquired reference log data to the corresponding table generation unit 32.
  • the correspondence table generation unit 32 extracts the tree structure between events and the log configuration information of each event from the observed reference log data for each event group, and generates an EG log correspondence table.
  • the correspondence table generation unit 32 may modify the EG log correspondence table so that inconsistencies such as the output order of processes between events and within the events are resolved.
  • the correspondence table generation unit 32 stores the EG log correspondence table in the log generation information storage unit 27.
  • the log generation device 30 uses an EG log correspondence table designed in advance so as to eliminate inconsistencies between and within the events, so that the log generation device 30 uses a more consistent real. It is possible to generate a normal log close to.
  • the computer is composed of a computer system including a personal computer, a word processor, and the like.
  • the computer is not limited to this, and can be configured by a LAN (local area network) server, a computer (personal computer) communication host, a computer system connected on the Internet, or the like. It is also possible to distribute the functions to each device on the network and configure the computer in the entire network.
  • the present disclosure has been described as a hardware configuration, but the present disclosure is not limited to this.
  • the present invention can also realize arbitrary processing by causing a processor to execute a computer program.
  • a CPU Central Processing Unit
  • a GPU Graphics Processing Unit
  • an FPGA field-programmable gate array
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • Non-temporary computer-readable media include various types of tangible storage media.
  • Examples of non-temporary computer-readable media include magnetic recording media (eg, flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (eg, magneto-optical discs), CD-ROMs (ReadOnlyMemory), CD-Rs, CD-R / W, DVD (DigitalVersatileDisc), BD (Blu-ray (registered trademark) Disc), semiconductor memory (for example, mask ROM, PROM (ProgrammableROM), EPROM (ErasablePROM), flash ROM, RAM (for example) RandomAccessMemory)) is included.
  • the program may also be supplied to the computer by various types of temporary computer readable medium.
  • temporary computer-readable media include electrical, optical, and electromagnetic waves.
  • the temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Selon l'invention, un système de production de journal (10, 20, 30) comprend : une unité d'extraction de journal (12, 22) qui, à partir de données de journal configurées à partir de groupes de journal, extrait des journaux se rapportant à des opérations d'utilisateur dans une application cible; une unité de production de modèle (13, 23) qui, en fonction d'une liste en série chronologique de journaux extraits, produit un modèle d'opérations d'utilisateur qui infère les transitions d'états d'opérations d'utilisateur associées à un groupe d'évènements; et une unité de production de journal simulé (14, 24) qui produit des données de journal d'opérations d'utilisateur simulées en fonction des informations concernant les transitions d'états d'opérations d'utilisateur inférées en utilisant le modèle d'opérations d'utilisateur produit. Un groupe d'évènements comprend un ou plusieurs évènements, et ceux-ci sont configurés à partir d'un ou de plusieurs journaux.
PCT/JP2020/025856 2020-07-01 2020-07-01 Système de production de journal, procédé de production de journal et support lisible par ordinateur WO2022003868A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2020/025856 WO2022003868A1 (fr) 2020-07-01 2020-07-01 Système de production de journal, procédé de production de journal et support lisible par ordinateur
JP2022532923A JP7421196B2 (ja) 2020-07-01 2020-07-01 ログ生成システム、ログ生成方法およびログ生成プログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/025856 WO2022003868A1 (fr) 2020-07-01 2020-07-01 Système de production de journal, procédé de production de journal et support lisible par ordinateur

Publications (1)

Publication Number Publication Date
WO2022003868A1 true WO2022003868A1 (fr) 2022-01-06

Family

ID=79314965

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/025856 WO2022003868A1 (fr) 2020-07-01 2020-07-01 Système de production de journal, procédé de production de journal et support lisible par ordinateur

Country Status (2)

Country Link
JP (1) JP7421196B2 (fr)
WO (1) WO2022003868A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010050195A1 (fr) * 2008-10-31 2010-05-06 日本電気株式会社 Système de traitement de données, dispositif de traitement de données et dispositif de terminal utilisateur de ce système, et programme informatique et procédé de traitement de données de ce système
WO2015029464A1 (fr) * 2013-08-29 2015-03-05 三菱電機株式会社 Dispositif de simulation, dispositif de génération d'informations, procédé de simulation, programme de simulation, système de création d'environnement, procédé de création d'environnement, et programme
JP2018116688A (ja) * 2016-11-23 2018-07-26 アクセンチュア グローバル ソリューションズ リミテッド 認知ロボット工学アナライザ
WO2018235252A1 (fr) * 2017-06-23 2018-12-27 日本電気株式会社 Dispositif d'analyse, procédé d'analyse de journal et support d'enregistrement

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010050195A1 (fr) * 2008-10-31 2010-05-06 日本電気株式会社 Système de traitement de données, dispositif de traitement de données et dispositif de terminal utilisateur de ce système, et programme informatique et procédé de traitement de données de ce système
WO2015029464A1 (fr) * 2013-08-29 2015-03-05 三菱電機株式会社 Dispositif de simulation, dispositif de génération d'informations, procédé de simulation, programme de simulation, système de création d'environnement, procédé de création d'environnement, et programme
JP2018116688A (ja) * 2016-11-23 2018-07-26 アクセンチュア グローバル ソリューションズ リミテッド 認知ロボット工学アナライザ
WO2018235252A1 (fr) * 2017-06-23 2018-12-27 日本電気株式会社 Dispositif d'analyse, procédé d'analyse de journal et support d'enregistrement

Also Published As

Publication number Publication date
JPWO2022003868A1 (fr) 2022-01-06
JP7421196B2 (ja) 2024-01-24

Similar Documents

Publication Publication Date Title
US11868242B1 (en) Method, apparatus, and computer program product for predictive API test suite selection
US10318740B2 (en) Security risk scoring of an application
US10613968B2 (en) Generating test scripts for testing a network-based application
US11593475B2 (en) Security information analysis device, security information analysis method, security information analysis program, security information evaluation device, security information evaluation method, security information analysis system, and recording medium
US11893364B2 (en) Accelerating application modernization
US11563760B2 (en) Network embeddings model for personal identifiable information protection
Bainczyk et al. Model-based testing without models: the TodoMVC case study
WO2021171383A1 (fr) Dispositif de génération de journal, procédé de génération de journal et support d'enregistrement lisible par ordinateur
WO2022003868A1 (fr) Système de production de journal, procédé de production de journal et support lisible par ordinateur
Xu et al. Mining executable specifications of web applications from selenium ide tests
Sureka Kernel based sequential data anomaly detection in business process event logs
Beniuga et al. Using Petri net tool to study the dynamic behaviour of power systems protections
CN107609401A (zh) 自动测试方法及装置
Rong et al. Locating anomaly clues for atypical anomalous services: An industrial exploration
Agarwal et al. Contextual Derivation of Stable BKT Parameters for Analysing Content Efficacy.
US12008442B2 (en) Analysing machine-learned classifier models
KR102134357B1 (ko) 원자력발전소 사이버 취약성 시험을 위한 가상 물리 시스템 및 그 방법
WO2023162047A1 (fr) Dispositif de génération, procédé de génération et programme de génération
CN111698199A (zh) 防火墙监控方法及装置
JPWO2014054233A1 (ja) 情報システムの性能評価装置、方法およびプログラム
US20150262097A1 (en) System and method for modelling and simulating a decision making process of an enterprise
CN117857224B (zh) 一种基于多pov的dns授权依赖安全评估方法
CN111598159B (zh) 机器学习模型的训练方法、装置、设备及存储介质
US11699434B2 (en) Systems, computer-implemented methods, and computer program products for data sequence validity processing
Briš et al. New computing technology in reliability engineering

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20942644

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022532923

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20942644

Country of ref document: EP

Kind code of ref document: A1