US 11,985,151 B2
Generation device, generation method, and generation program
Takeshi Nakatsuru, Musashino (JP); Tomoyasu Sato, Musashino (JP); Takuya Minami, Musashino (JP); Naoto Fujiki, Musashino (JP); and Masami Izumi, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/254,875
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Jul. 2, 2019, PCT No. PCT/JP2019/026239
§ 371(c)(1), (2) Date Dec. 22, 2020,
PCT Pub. No. WO2020/009094, PCT Pub. Date Jan. 9, 2020.
Claims priority of application No. 2018-126189 (JP), filed on Jul. 2, 2018.
Prior Publication US 2021/0273963 A1, Sep. 2, 2021
Int. Cl. H04L 29/06 (2006.01); G06F 21/55 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 21/554 (2013.01); H04L 63/1416 (2013.01)]
12 Claims
1. A generation device comprising:
a memory; and
processing circuitry coupled to the memory and configured to:
sense anomaly of a network based on information having a plurality of items related to communication in the network,
identify an intrusion detection and prevention signature as a cause of anomaly corresponding to each piece of the information when anomaly is sensed, the identification of the intrusion detection and prevention signature being based on a comparison of each piece of the information to a table associating row information including at least source addresses, destination addresses, source ports, destination ports, duration, and protocol to intrusion detection and prevention signatures, and
generate, based on values of the items in the information, source address classification and destination address classification, and the cause of anomaly identified, a cause-of-anomaly pattern for each predetermined set of pieces of the information.