US 12,113,816 B2
Anomaly detection device, anomaly detection method and anomaly detection program
Naoto Fujiki, Musashino (JP); Takuya Minami, Musashino (JP); and Masanori Shinohara, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/626,817
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Jul. 23, 2019, PCT No. PCT/JP2019/028912
§ 371(c)(1), (2) Date Jan. 13, 2022,
PCT Pub. No. WO2021/014592, PCT Pub. Date Jan. 28, 2021.
Prior Publication US 2022/0263737 A1, Aug. 18, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 43/04 (2022.01); H04L 43/16 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 43/04 (2013.01); H04L 43/16 (2013.01)] 8 Claims
OG exemplary drawing
 
1. An abnormality detection device comprising:
a memory; and
a processor coupled to the memory and programmed to execute a process comprising:
acquiring a communication feature for normal communication of communication equipment;
amplifying, if a data count or a data acquisition period for the acquired communication feature exceeds a predetermined value, the data count for a communication feature by a plurality of predetermined schemes in accordance with data counts for respective groups, each group sharing a same 5-tuple;
creating, for each of the predetermined schemes, reference value information for normal communication of the communication equipment through learning using the amplified communication feature;
determining accuracy of abnormality detection for each of the predetermined schemes using an anomaly score representing a deviation of test data representing a communication feature for abnormal communication from the reference value information; and
selecting the reference value information created by one of the schemes, the determined accuracy for which is highest.