Determining apparatus, determining method, and determining program
US-2020201987-A1 · Jun 25, 2020 · US
Determination method, determination device and recording medium
US11797670B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11797670-B2 |
| Application number | US-201917056457-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 15, 2019 |
| Priority date | May 21, 2018 |
| Publication date | Oct 24, 2023 |
| Grant date | Oct 24, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A determination method includes determining an attack type of an attack code included in an attack request on a server, carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type, extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation, and determining that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature, by a processor.
First claim
Opening claim text (preview).
The invention claimed is: 1. A determination method comprising: determining an attack type of an attack code included in an attack request on a server; carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type; extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation; and determining that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature, by a processor. 2. The determination method according to claim 1 , wherein the extracting includes extracting a system call of OS, an API call of application, or a communication log as a feature related to the backdoor operation. 3. A determination device comprising: a memory; and processing circuitry coupled to the memory and configured to: determine an attack type of an attack code included in an attack request on a server, carry out emulation of an attack by the attack code on the server in accordance with the determined attack type, extract a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation, and determine that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature. 4. A non-transitory computer-readable recording medium storing therein a determination program that causes a computer to execute a process comprising: determining an attack type of an attack code included in an attack request on a server, carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type, extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation, and determining that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature.
Assignees
Inventors
Classifications
- G06F21/554Primary
involving event detection and direct action · CPC title
Event detection, e.g. attack signature detection · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11797670B2 cover?
- A determination method includes determining an attack type of an attack code included in an attack request on a server, carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type, extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of …
- Who is the assignee on this patent?
- Nippon Telegraph & Telephone
- What technology area does this patent fall under?
- Primary CPC classification G06F21/554. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 24 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).