US 11,729,135 B2
Information processing apparatus and non-transitory computer readable medium for detecting unauthorized access
Ye Sun, Kanagawa (JP); and Tatsuo Suzuki, Kanagawa (JP)
Assigned to FUJIFILM Business Innovation Corp., Tokyo (JP)
Filed by FUJIFILM Business Innovation Corp., Tokyo (JP)
Filed on Nov. 29, 2020, as Appl. No. 17/106,165.
Claims priority of application No. 2020-094038 (JP), filed on May 29, 2020.
Prior Publication US 2021/0377218 A1, Dec. 2, 2021
Int. Cl. H04L 29/06 (2006.01); H04L 61/4511 (2022.01); H04L 9/40 (2022.01); G06F 18/214 (2023.01); H04L 101/69 (2022.01)
CPC H04L 61/4511 (2022.05) [G06F 18/214 (2023.01); H04L 63/0236 (2013.01); H04L 63/101 (2013.01); H04L 63/107 (2013.01); H04L 2101/69 (2022.05)] 6 Claims
OG exemplary drawing
 
1. An information processing apparatus comprising:
a processor configured to
detect unauthorized access from a subject terminal to a subject host as a result of inputting subject input data into an autoencoder, an Internet protocol address of the subject terminal and an Internet protocol address of the subject host being used as at least part of the subject input data, the autoencoder having performed learning by using learning data, an Internet protocol address of a terminal and an Internet protocol address of a host to which the terminal has connected being used as at least part of the learning data, wherein the processor is further configured to:
detect unauthorized access from the subject terminal based on an error score, the error score being calculated from an overall difference between the subject input data and subject output data, the subject output data representing output from the autoencoder in response to the subject input data; and
calculate the error score so that the overall difference between the subject input data and the subject output data becomes greater when a difference is found between a higher segment of the Internet protocol address of the subject terminal indicated by the subject input data and the higher segment of the Internet protocol address of the subject terminal indicated by the subject output data than when the same difference is found between a lower segment of the Internet protocol address of the subject terminal indicated by the subject input data and the lower segment of the Internet protocol address of the subject terminal indicated by the subject output data or so that the overall difference between the subject input data and the subject output data becomes greater when a difference is found between a higher segment of the Internet protocol address of the subject host indicated by the subject input data and the higher segment of the Internet protocol address of the subject host indicated by the subject output data than when the same difference is found between a lower segment of the Internet protocol address of the subject host indicated by the subject input data and the lower segment of the Internet protocol address of the subject host indicated by the subject output data.