Information processing apparatus, information processing method, and computer readable medium

Abstract

An attack detection apparatus () collects packets a transmission source or a transmission destination of which is a protection target apparatus (), and generates packet information by setting an entry for each collected packet and describing attribute data of the packet together with occurrence time of the packet for each entry. Further, the attack detection apparatus () stores definition information which defines an extraction time width and an extraction condition for each category of attack. When a security apparatus () detects a packet which corresponds to any category, the attack detection apparatus () selects the extraction time width and the extraction condition of a category of a detection packet detected as a selection extraction time width and a selection extraction condition, specifies an extraction time range which starts from the occurrence time of the detection packet and whose width is equal to the selection extraction time width, extracts from the packet information an entry the occurrence time of which is included in the extraction time range and the attribute data of which coincides with the selection extraction condition, and determines presence or absence of an attack to the protection target apparatus () based on an extraction result.