Information processing device and error detection method
US-2017132060-A1 · May 11, 2017 · US
Anomalous event confirmation assistance apparatus, anomalous event confirmation assistance meithod, and recording medium
US11372839B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11372839-B2 |
| Application number | US-201615779580-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 1, 2016 |
| Priority date | Dec 2, 2015 |
| Publication date | Jun 28, 2022 |
| Grant date | Jun 28, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The purpose of the present invention is to provide a technology which assists a verifying party in ascertaining an anomaly in an event of which notification has been made. Provided is an assistance device, comprising: an acquisition unit which acquires as an associated event, from among events which take place among a plurality of elements, and with respect to elements which have been associated with an event which has been detected as an anomalous event, an event other than the anomalous event which has been associated with the elements; and a generating unit which, on the basis of the anomalous event and the associated event, generates a relational graph in which the elements are vertices, the relations among the elements are edges, the anomalous event and the associated event are respectively represented, and the associated event is displayed in a display screen in a different manner from the manner in which the anomalous event is displayed.
First claim
Opening claim text (preview).
What is claimed is: 1. An anomalous event confirmation assistance apparatus comprising: one or more processors configured to; store, in a storage unit, a log of detecting events between a plurality of elements monitored on a monitored system that includes multiple hosts connected via a network; acquire, from the log, for an element related to an event detected as an anomalous event among the events between the plurality of the elements, an event that is related to the element and is different from the anomalous event, as a related event, wherein the related event is one of one or more events related to the anomalous event; and generate, based on the anomalous event, a relational graph that has the elements as a vertices and a relation between the elements as a side and represents each of the anomalous event, and generate, based on the related event, a relational graph that has the elements as vertices and a relation between the elements as a side and represents each of the related event, by overlaying the generated relational graph of the anomalous event, wherein the related event in the generated relational graph of the anomalous event and the related event is displayed on a display screen in a mode different from a mode of the anomalous event, each of the elements is one of a host, a process, a file and an account, when two elements of the elements are hosts, an event between the two elements is that data are transmitted, when one of two elements of the elements is a process and another of the two element is a file, an event between the two elements is that the process is accessed to the file, and when one of two elements of the elements is a process, an event between the two elements is that the process is executed by the account. 2. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to accept an input of a display condition, wherein acquire, for an element related to an anomalous event that matches the display condition, the related event related to the element. 3. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to accept an input of a display condition, wherein generate the relational graph representing the anomalous event that matches the display condition and the related event. 4. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to acquire, for an element included between an element related to the anomalous event and a related element within a predetermined number of hops, an event related to the element as the related event. 5. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to acquire, as the related event, every event related to at least one of a plurality of elements related to the anomalous event. 6. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to acquire, as the related event, a predetermined number of events chosen in an order in which the event occurrence time is new, or a predetermined number of events chosen in descending order of number of occurrences out of events that occur in a certain past time period, among events related to at least one of a plurality of elements related to the anomalous event. 7. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the acquisition unit acquires, for a related element related to an element of the anomalous event, an event related to the related element as the related event. 8. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to detect unit which detects the anomalous event. 9. The anomalous event confirmation assistance apparatus according to claim 1 , wherein the one or more processors are configured to display the relational graph on the display screen, a display unit includes the display screen. 10. An anomalous event confirmation assistance method executed by one or more processors comprising: storing, in a storage unit, a log of detecting events between a plurality of elements monitored on a monitored system that includes multiple hosts connected via a network; acquiring, for an element related to an event detected as an anomalous event among the events between the plurality of the elements, an event that is related to the element and is different from the anomalous event, as a related event, wherein the related event is one of one or more events related to the anomalous event; and generating, based on the anomalous event, a relational graph that has the elements as vertices and a relation between the elements as a side and represents each of the anomalous event, and generate, based on the related event, a relational graph that has the elements as vertices and a relation between the elements as a side and represents each of the related event, by overlaying the generated relational graph of the anomalous event, wherein the related event in the generated relational graph of the anomalous event and the related event is displayed on a display screen in a mode different from a mode of the anomalous event, each of the elements is one of a host, a process, a file and an account, when two elements of the elements are hosts, an event between the two elements is that data are transmitted, when one of two elements of the elements is a process and another of the two element is a file, an event between the two elements is that the process is accessed to the file, and when one of two elements of the elements is a process, an event between the two elements is that the process is executed by the account. 11. The anomalous event confirmation assistance method according to claim 10 , further comprising: accepting an input of a display condition; and, when acquiring the related event, acquiring, for an element related to an anomalous event that matches the display condition, the related event related to the element. 12. The anomalous event confirmation assistance method according to claim 10 , further comprising: accepting an input of a display condition; and generating the relational graph representing the anomalous event that matches the display condition and the related event. 13. A computer-readable non-transitory recording medium on which an anomalous event confirmation program is recorded, the anomalous event confirmation program causing a computer to execute: a process of storing, in a storage unit, a log of detecting events between a plurality of elements monitored on a monitored system that includes multiple hosts connected via a network; a process of acquiring, for an element related to an event detected as an anomalous event among the events between the plurality of the elements, an event that is related to the elements and is different from the anomalous event, as a related event, wherein the related event is one of the one or more events related to the anomalous event; and a process of generating, based on the anomalous event, a relational graph that has the elements as vertices and a relation between the elements as a side and represents each of the anomalous event, and a process of generating, based on the related event, a relational graph that has the elements as vertices and a relation between the elements as a side and represents each of the related event, by overlaying the generated relational graph of the anomalous event, wherein the related event in the generate
Assignees
Inventors
Classifications
- G06F11/0769Primary
Readable error formats, e.g. cross-platform generic formats, human understandable formats · CPC title
Graphs; Linked lists (G06F16/9027 takes precedence) · CPC title
- G06F16/2365Primary
Ensuring data consistency and integrity · CPC title
with visual {or acoustical} indication of the functioning of the machine · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11372839B2 cover?
- The purpose of the present invention is to provide a technology which assists a verifying party in ascertaining an anomaly in an event of which notification has been made. Provided is an assistance device, comprising: an acquisition unit which acquires as an associated event, from among events which take place among a plurality of elements, and with respect to elements which have been associate…
- Who is the assignee on this patent?
- Nec Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F11/0769. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 28 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).