| CPC H04L 43/0894 (2013.01) [H04L 47/2416 (2013.01); H04L 47/2483 (2013.01)] | 6 Claims |
|
1. An abnormality detection device that detects an abnormality in signal transmission, the abnormality detection device being connected to a network including a transmission device that transmits a signal, a reception device that receives the signal, and a transfer device that transfers the signal from the transmission device to the reception device, the abnormality detection device comprising:
a flow table generation circuit that collects transmission source information and destination information for the signal for each transmission device, that collects transmission source information and destination information for the signal for each reception device, and that generates a transmission/reception flow table by aggregating entries for flows with the same transmission source address, transmission source port, destination address, and destination port, among the transmission source information and the destination information;
a connection table generation circuit that generates a connection table by collecting, for each port of the transfer device, a name and a physical address of a given device which is the transmission device or the reception device connected to the port;
a calculation circuit that calculates an expected traffic amount by adding, for each port of the transfer device, amounts of traffic in all the flows corresponding to the given device from the transmission/reception flow table on the basis of the name of the given device in the connection table; and
a comparison circuit that compares an observed traffic amount of traffic measured and the expected traffic amount for each port of the transfer device, and that determines that there is an abnormality in traffic amount when there is a predetermined deviation or more therebetween.
|