US 12,081,564 B2
Estimation system, estimation method, and estimation program
Kotomi Kuroki, Musashino (JP); Yo Kanemoto, Musashino (JP); and Kazufumi Aoki, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/793,657
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Oct. 26, 2020, PCT No. PCT/JP2020/040152
§ 371(c)(1), (2) Date Jul. 19, 2022,
PCT Pub. No. WO2021/149317, PCT Pub. Date Jul. 29, 2021.
Claims priority of application No. PCT/JP2020/001781 (WO), filed on Jan. 20, 2020.
Prior Publication US 2023/0007020 A1, Jan. 5, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 16/901 (2019.01); G06F 16/9538 (2019.01)
CPC H04L 63/1416 (2013.01) [G06F 16/9027 (2019.01); G06F 16/9538 (2019.01)]
6 Claims
 
1. An estimation system comprising:
retrieval circuitry configured to retrieve a subtree that matches a query to be estimated, from subtrees included in a syntax tree created from the query which is inserted into a Web request;
presentation circuitry configured to present information for specifying a type of damage of an attack and an attack target, the information being associated in advance with the subtree obtained by the retrieval circuitry in the retrieval;
extraction circuitry configured to extract the query inserted into the Web request that is detected to be the attack;
creating circuitry configured to create the syntax tree from the query extracted by the extraction circuitry in accordance with a rule defined in advance;
impartation circuitry configured to impart a label to the subtree that is a part of the syntax tree based on a result obtained in a case where the query corresponding to the subtree has been executed; and
identification circuitry configured to identify the type of damage of the attack according to the Web request based on the label imparted by the impartation circuitry,
wherein:
the retrieval circuitry retrieves the subtree that matches the query to be estimated, from subtrees included in the syntax tree created by the creating circuitry, and
the presentation circuitry presents information for specifying the type of damage of the attack and the attack target, based on the subtree obtained by the retrieval circuitry in the retrieval and the label imparted to the subtree.
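The flow recited in claim 1, sketched as an added example that is not taken from the patent or from the applicant's implementation. The clause-splitting rule, the label format (a damage type paired with a target), the `OBSERVED` table standing in for execution results, and all sample queries are constructed assumptions.

```python
import re

# Assumed rule set: these keywords each open a new clause subtree.
KEYWORDS = {"select", "from", "where", "drop", "table", "union"}

# Constructed stand-in for "result obtained when the subtree's query was executed":
# clause text -> (type of damage, attack target).
OBSERVED = {
    "from users": ("information leakage", "users"),
    "table orders": ("data destruction", "orders"),
}

def create_tree(query):
    """Create a syntax tree: a root holding one tuple (subtree) per clause."""
    clauses = []
    for tok in re.findall(r"[A-Za-z_]\w*|\d+|'[^']*'|[^\s\w]", query.lower()):
        if tok in KEYWORDS or not clauses:
            clauses.append([tok])       # keyword (or first token) starts a subtree
        else:
            clauses[-1].append(tok)     # other tokens are children of that clause
    return ("query", tuple(tuple(c) for c in clauses))

def impart_labels(store, attack_query, observed):
    """Label each subtree of an analysed attack query for which a result exists."""
    for sub in create_tree(attack_query)[1]:
        label = observed.get(" ".join(sub))
        if label is not None:
            store[sub] = label
    return store

def estimate(store, query):
    """Retrieve labelled subtrees matching the query to be estimated and
    present the (damage type, attack target) attached to each match."""
    return [store[sub] for sub in create_tree(query)[1] if sub in store]

def build_store():
    """Label store built from two constructed, previously analysed queries."""
    store = {}
    impart_labels(store, "SELECT name FROM users", OBSERVED)
    impart_labels(store, "DROP TABLE orders", OBSERVED)
    return store

if __name__ == "__main__":
    print(estimate(build_store(), "SELECT email FROM users WHERE id = 1"))
```

A query with no labelled subtree yields an empty list, which an analyst would treat as "not yet analysed" rather than as harmless.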