US 12,438,787 B2
Analysis device, analysis system, analysis method, and analysis program
Takahiro Nukushina, Musashino (JP); Iifan Tyou, Musashino (JP); Yukio Nagafuchi, Musashino (JP); and Takaaki Koyama, Musashino (JP)
Assigned to NTT, Inc., Tokyo (JP)
Appl. No. 18/276,644
Filed by NTT, INC., Tokyo (JP)
PCT Filed Feb. 18, 2021, PCT No. PCT/JP2021/006186
§ 371(c)(1), (2) Date Aug. 10, 2023,
PCT Pub. No. WO2022/176128, PCT Pub. Date Aug. 25, 2022.
Prior Publication US 2024/0129202 A1, Apr. 18, 2024
Int. Cl. H04L 41/16 (2022.01); H04L 43/0876 (2022.01)
CPC H04L 41/16 (2013.01) [H04L 43/0876 (2013.01)] 7 Claims
OG exemplary drawing
 
1. An analysis device comprising:
processing circuitry configured to:
obtain normal communications models from a plurality of network traffic sensors respectively corresponding to a plurality of Internet of Things (IoT) devices, a respective network traffic sensor monitoring communications of a corresponding IoT device, and a respective normal communications model (i) being used to monitor the communications of the corresponding IoT device and (ii) indicating a characteristic of normal communications of the corresponding IoT device;
identify, from the obtained normal communications models, normal communications models that share a communications feature;
cluster the identified normal communications models that share the communications feature to generate a plurality of clusters of normal communications models;
determine a majority cluster having a largest number of normal communications models using a result of the clustering;
generate an average model of the normal communications models belonging to the majority cluster; and
notify the respective network traffic sensor of (i) attribution information indicating whether the respective normal communications model belongs to the majority cluster and (ii) the average model.