US 9,813,451 B2
Apparatus and method for detecting cyber attacks from communication sources
Satomi Honda, Yokohama (JP); Masahiko Takenaka, Kawasaki (JP); and Satoru Torii, Yokohama (JP)
Assigned to FUJITSU LIMITED, Kawasaki (JP)
Filed by FUJITSU LIMITED, Kawasaki-shi, Kanagawa (JP)
Filed on Jul. 20, 2015, as Appl. No. 14/803,503.
Claims priority of application No. 2014-168892 (JP), filed on Aug. 22, 2014.
Prior Publication US 2016/0057169 A1, Feb. 25, 2016
Int. Cl. G06F 17/00 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/20 (2013.01) [H04L 63/083 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01)] 13 Claims
OG exemplary drawing
 
1. An apparatus comprising:
a memory; and
a processor coupled to the memory and configured to
detect a communication source device that transmits a plurality of ping commands addressed to a plurality of first devices within a given time period,
record the plurality of first devices specified by the plurality of ping commands transmitted from the detected communication source device,
determine whether a correlation exists among a plurality of first authentication requests for the plurality of first devices from the communication source device,
decide that the communication source device is an attack source of a cyber attack and the plurality of first devices are attack targets by the cyber attack in a case where the correlation exists,
control to discard the plurality of first authentication requests for the plurality of first devices generated by the communication source device after the plurality of ping commands, and
control to invalidate a second authentication request transmitted from another communication source device different from the communication source device detected as a communication source of the plurality of ping commands, provided that the second authentication request is addressed to at least one of the plurality of first devices.