WO2012132296A1 - Information leakage prevention device, method, and program - Google Patents
Information leakage prevention device, method, and program
- Publication number
- WO2012132296A1 PCT/JP2012/001865
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- request
- response
- message
- unit
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Definitions
- the present invention relates to a technique for preventing leakage of personal information via communication.
- Patent Document 1 proposes that, when a parameter is specified, a setting file indicating the correspondence between parameters to be inspected and inspection items is used to identify the inspection item corresponding to the specified parameter and to perform vulnerability testing.
- In view of the above situation, the present invention provides a technique for preventing leakage of personal information through communication.
- An information leakage prevention apparatus includes: a request information storage unit that stores the message time, request source information, and request destination information for each information request message transmitted from a client terminal to a server device; a retention processing unit that retains, among the response messages transmitted from the server device in response to each information request message, a response message including personal information for a predetermined retention time from the message time of the corresponding information request message; a counting unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and correspond to the retained response message; and a response processing unit that, when the number of information request messages counted by the counting unit exceeds a predetermined threshold, applies protection processing to the retained response message so that the personal information it contains is not received by the client terminal that is the request source.
- The second aspect relates to an information leakage prevention method.
- In this method, a computer stores the message time, the request source information, and the request destination information in a request information storage unit for each information request message transmitted from the client terminal to the server device.
- Among the response messages transmitted from the server device in response to each information request message, the computer retains a response message including personal information for a predetermined retention time from the message time of the corresponding information request message.
- Based on the information about the information request messages stored in the request information storage unit, the computer counts the number of information request messages that are from the same request source to the same request destination and correspond to the retained response message. If the counted number of information request messages exceeds a predetermined threshold, the computer applies protection processing to the retained response message so that the personal information it contains is not received by the client terminal that is the request source.
- The third aspect relates to an information leakage prevention device.
- This information leakage prevention apparatus includes: a retention processing unit that retains, among the response messages transmitted from the server apparatus in response to each information request message transmitted from the client terminal to the server apparatus, a response message including personal information for a predetermined retention time from the message time related to the response message; a count unit that counts the number of response messages related to the same request source and the same request destination among the retained response messages; and a response processing unit that, according to the number counted by the count unit, applies protection processing to the response message so that the personal information contained in the retained response message is not received by the client terminal that is the request source.
- An information leakage prevention method includes: retaining, among the response messages transmitted from the server device in response to each information request message transmitted from the client terminal to the server device, a response message including personal information for a predetermined retention time from the message time related to the response message; counting the number of response messages related to the same request source and the same request destination among the retained response messages; and, according to the number of counted response messages, applying protection processing to the response message so that the personal information included in the retained response message is not received by the requesting client terminal.
- Another aspect of the present invention may be a program that causes a computer to realize each configuration of the first aspect or the second aspect, or a computer-readable storage medium that records such a program.
- the storage medium includes a non-transitory tangible medium.
- FIG. 1 is a diagram conceptually illustrating a configuration example of a WEB system including a WEB server device (WEB server) in the first embodiment.
- FIG. 2 is a diagram conceptually illustrating a configuration example of the WEB server in the first embodiment.
- FIG. 3 is a diagram illustrating an example of the request information storage unit.
- FIG. 4 is a diagram illustrating an example of the personal information identification storage unit.
- FIG. 5 is a flowchart illustrating an operation example of the request processing system of the information leakage prevention unit in the first embodiment.
- FIG. 6 is a flowchart illustrating an operation example of the information leakage prevention unit in the first embodiment when acquiring HTTP response data.
- FIG. 7 is a flowchart illustrating an operation example related to the retention timer of the information leakage prevention unit according to the first embodiment.
- FIG. 8 is a diagram conceptually illustrating a configuration example of a WEB server in the second embodiment.
- FIG. 9 is a flowchart illustrating an operation example of the information leakage prevention unit according to the second embodiment when acquiring HTTP response data.
- FIG. 10 is a flowchart illustrating an operation example related to the retention timer of the information leakage prevention unit in the second embodiment.
- FIG. 11 is a diagram conceptually illustrating a configuration of a modified example of the WEB system.
- The information leakage prevention apparatus includes: a request information storage unit that stores the message time, request source information, and request destination information for each information request message transmitted from the client terminal to the server apparatus; a retention processing unit that retains, among the response messages transmitted from the server device in response to each information request message, a response message including personal information for a predetermined retention time from the message time of the corresponding information request message; a count unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and correspond to the retained response message; and a response processing unit that, when the number of information request messages counted by the count unit exceeds a predetermined threshold, applies the protection process to the retained response message so that the personal information it contains is not received by the client terminal that is the request source.
- In this way, a response message including personal information is retained for a predetermined retention time from the message time of the corresponding information request message, and when the number of information request messages from the same request source to the same request destination corresponding to the retained response message exceeds a predetermined threshold, the protection process is applied to the response message so that the personal information included in the response message is not received by the client terminal that is the request source. That is, in this embodiment, when information request messages requesting a response message including personal information are transmitted from the same request source in a number exceeding a predetermined threshold within a predetermined retention time, such information request messages are determined to be unauthorized requests. As a result, the personal information sent from the server device in response to an unauthorized request is processed so as not to be sent to the request source.
- the following embodiment is an example when the above-described information leakage prevention apparatus is applied to a WEB system.
- the information leakage prevention apparatus described above is not limited to application to the WEB system, but can be applied to various modes for exchanging personal information via communication.
- FIG. 1 is a diagram conceptually illustrating a configuration example of a WEB system including a WEB server device (hereinafter simply referred to as a WEB server) 10 in the first embodiment.
- the WEB server 10 in the first embodiment is communicably connected to a plurality of client terminals 1 via the network 3.
- the network 3 is a public network such as the Internet, a WAN (Wide Area Network), a LAN (Local Area Network), a wireless communication network, or the like.
- the connection form and communication form between the WEB server 10 and each client terminal 1 are not limited.
- the WEB server 10 may be constructed by a general-purpose computer such as a general personal computer (PC) or may be constructed by a dedicated computer.
- FIG. 1 shows a hardware configuration example of the WEB server 10.
- The WEB server 10 includes, as a hardware configuration, a CPU (Central Processing Unit) 5, a memory 6, an input/output interface (I/F) 7, and the like that are connected to each other via a bus 8 or the like.
- The memory 6 includes a RAM (Random Access Memory), a ROM (Read Only Memory), a hard disk, a portable storage medium, and the like.
- The input/output I/F 7 is connected to a communication device or the like that communicates with each client terminal 1 via the network 3.
- The input/output I/F 7 may be connected to a user interface device such as a display device or an input device. Note that this embodiment does not limit the hardware configuration of the WEB server 10.
- the client terminal 1 is a general information processing terminal such as a PC, a portable PC, a cellular phone or the like.
- It is sufficient for the client terminal 1 to have a general communication function capable of accessing the WEB server 10 and receiving data, a general user interface function capable of displaying and operating a screen based on the data provided from the WEB server 10, and the like.
- In this embodiment, an example is given in which a WEB system is used as the interface between the WEB server 10 and the client terminal 1. Therefore, the client terminal 1 has a so-called WEB browser as a user interface function and has a communication function for executing HTTP (Hypertext Transfer Protocol).
- Note that the present embodiment does not limit the hardware configuration and functional configuration of the client terminal 1.
- the client terminal 1 includes a terminal operated by a user who tries to illegally acquire a large amount of personal information from the WEB server 10 (hereinafter referred to as an unauthorized user).
- the unauthorized user attacks the WEB server 10 using HTTP maliciously in at least one client terminal 1.
- This attack includes, for example, an attack called SQL (Structured Query Language) injection.
- FIG. 2 is a diagram conceptually illustrating a configuration example of the WEB server 10 in the first embodiment.
- the WEB server 10 in the first embodiment includes a communication unit 11, a WEB application 12, a WEB page storage unit 13, an information leakage prevention unit 15, and the like.
- Each of these processing units is realized as a software component, that is, a software part (fragment) such as a task, process, function, or data storage area. Therefore, each processing unit is realized, for example, by the CPU 5 shown in FIG. executing a program stored in the memory 6.
- the WEB page storage unit 13 is realized on the memory 6.
- The communication unit 11 controls a network interface card or the like as the input/output I/F 7 and transmits and receives data exchanged with the client terminal 1 using a protocol such as HTTP.
- the communication unit 11 receives data such as a WEB page transmitted from the WEB application 12 or the information leakage prevention unit 15 and transmits an HTTP packet including the data to the client terminal 1. Further, when the communication unit 11 receives an HTTP packet transmitted from the client terminal 1, the communication unit 11 sends data included in the packet to the WEB application 12 or the information leakage prevention unit 15.
- An HTTP packet for requesting an arbitrary WEB page transmitted from the client terminal 1 is referred to as an HTTP request.
- This HTTP request can also be generally called an information request message.
- The HTTP request includes information (IP address or the like) for specifying the requesting client terminal 1 as request source information, and includes URL (Uniform Resource Locator) information for designating information such as a desired WEB page as request destination information.
- A series of HTTP packets that are transmitted from the WEB server 10 and provide the information requested by the client terminal 1 is referred to as an HTTP response.
- This HTTP response may be formed from a plurality of HTTP packets, for example, when the amount of information provided is large.
- the HTTP response can also be generally called a response message.
- the HTTP response includes the information specified by the request destination information together with the request source information and the request destination information included in the corresponding HTTP request.
- the WEB application 12 has a well-known general WEB server function.
- the WEB application 12 extracts data requested by the HTTP request from the client terminal 1 from the WEB page storage unit 13 and transmits an HTTP response including the data to the client terminal 1 via the communication unit 11.
- the WEB page storage unit 13 stores a plurality of WEB pages and various data forming the WEB pages. In particular, in the present embodiment, the WEB page storage unit 13 stores a lot of personal information.
- the information leakage prevention unit 15 corresponds to the information leakage prevention device in the above-described embodiment.
- the information leakage prevention unit 15 is interposed between the communication unit 11 and the WEB application 12.
- The information leakage prevention unit 15 includes a request information acquisition unit 101, a first target determination unit 102, a target determination information storage unit 103, a request information storage unit 105, a response information acquisition unit 111, a second target determination unit 112, a personal information determination unit 113, a personal information identification storage unit 114, a count unit 115, a response information storage unit 116, a retention timer 117, a retention processing unit 118, a response processing unit 119, and the like.
- Each of these processing units included in the information leakage prevention unit 15 is also realized as the software component.
- the request information acquisition unit 101, the first target determination unit 102, and the target determination information storage unit 103 can also be referred to as a request processing system 17 in order to perform processing related to the HTTP request.
- each processing unit other than the request processing system 17 and the request information storage unit 105 performs a process related to the HTTP response, and can also be referred to as a response processing system 18.
- the request information storage unit 105 is shared by the request processing system 17 and the response processing system 18.
- the request information acquisition unit 101 acquires information regarding the HTTP request received by the communication unit 11.
- The request information acquisition unit 101 may acquire information related to the HTTP request from the communication unit 11, or may acquire information related to the HTTP request sent from the communication unit 11 to the WEB application 12 from the WEB application 12. Further, the request information acquisition unit 101 may acquire the packet data itself that forms an HTTP request, or may acquire the message time, request source information, and request destination information regarding the HTTP request.
- the message time indicates, for example, the time (date information) when the HTTP request is received by the WEB server 10. If the HTTP request includes transmission time information, the transmission time may be used as the message time.
- the request source information is, for example, the IP address of the client terminal 1 as described above.
- the request destination information is, for example, a URL as described above.
- The first target determination unit 102 determines which HTTP requests are to be inspected by the information leakage prevention unit 15, and stores in the request information storage unit 105 only the information acquired by the request information acquisition unit 101 for the HTTP requests determined to be inspection targets. Specifically, among the HTTP requests whose information has been acquired by the request information acquisition unit 101, the first target determination unit 102 determines as an inspection target an HTTP request that includes request destination information matching the request destination information stored in the target determination information storage unit 103. The first target determination unit 102 does not store in the request information storage unit 105 information regarding an HTTP request that does not include the request destination information stored in the target determination information storage unit 103.
- The target determination information storage unit 103 stores request destination information for limiting the HTTP requests that are to be inspected by the information leakage prevention unit 15.
- For example, a URL is stored as this request destination information.
- The limiting information is not restricted to the URL; it may be other information such as an IP address of the WEB server 10 or a parameter value added to the URL.
- The request destination information stored in the target determination information storage unit 103 may be data output from a diagnostic device (not shown) that diagnoses whether or not personal information is included in the HTTP response or WEB page of the WEB server 10. In this way, information to be stored in the target determination information storage unit 103 can be easily generated.
- the request information storage unit 105 stores the message time, the request source information, and the request destination information regarding each HTTP request determined as the inspection target by the first target determination unit 102.
- FIG. 3 is a diagram illustrating an example of the request information storage unit 105.
- The URL is stored as the request destination information, and the IP address of the client terminal 1 that has transmitted the HTTP request is stored as the request source information.
- the response information acquisition unit 111 acquires HTTP response data generated by the WEB application 12 in response to the HTTP request processed by the request processing system 17 as described above.
- The response information acquisition unit 111 may acquire the HTTP response data from the WEB application 12, or may acquire from the communication unit 11 the HTTP response data sent from the WEB application 12 to the communication unit 11, before the communication unit 11 sends it out toward the network 3.
- the HTTP response data includes WEB page data included in the HTTP response, destination information of the HTTP response, information for specifying an HTTP request corresponding to the HTTP response, and the like.
- the information for specifying the HTTP request corresponding to the HTTP response includes, for example, a request number, request destination information (URL, etc.), parameters, and the like.
- The second target determination unit 112 identifies, among the HTTP responses acquired by the response information acquisition unit 111, an HTTP response that should be an inspection target in the information leakage prevention unit 15, and determines HTTP responses other than the identified HTTP response to be outside the inspection target.
- The HTTP response data thus determined not to be subject to inspection is not subjected to determination processing by the personal information determination unit 113, is not retained by the retention processing unit 118, and is sent out to the network 3 via the communication unit 11.
- The second target determination unit 112 sends the identified HTTP response data to the personal information determination unit 113.
- The HTTP response to be inspected is identified by determining whether request source information and request destination information matching the request source information (destination information) and the request destination information (information about the response source) included in the HTTP response data are stored in the request information storage unit 105.
- The personal information determination unit 113 determines whether or not personal information is included in the HTTP response sent from the second target determination unit 112. Specifically, for each personal information type stored in the personal information identification storage unit 114, the personal information determination unit 113 sequentially determines whether personal information of that type is included in the HTTP response data. For example, the personal information determination unit 113 has a determination logic for each personal information type, and executes the determination logic of the personal information type specified by the personal information identification storage unit 114. The personal information determination unit 113 sends the HTTP response data to the retention processing unit 118 together with information indicating whether or not personal information is included.
- FIG. 4 is a diagram illustrating an example of the personal information identification storage unit 114.
- the personal information identification storage unit 114 stores a personal information type to be examined for each request destination.
- The personal information determination unit 113 has determination logic for detecting each of a telephone number, name, credit number, address, and account number, and for an HTTP response including the request destination information "www.sample.com/secret/individual", it executes the determination logic for detecting a telephone number, a name, and a credit number.
- the personal information has a data pattern determined to some extent for each type.
- each determination logic detects the data pattern from HTTP response data using a well-known pattern matching technique.
- The count unit 115 counts the number of HTTP requests that are from the same request source to the same request destination and that correspond to the HTTP responses retained by the retention processing unit 118. In other words, the count unit 115 counts the number of HTTP requests corresponding to an HTTP response including personal information among the HTTP requests corresponding to information stored in the request information storage unit 105. The number of HTTP requests corresponds to the number of records stored in the request information storage unit 105 (see FIG. 3).
- the response information storage unit 116 stores HTTP response data that is retained so as not to be received by the client terminal 1 as a destination.
- The retention timer 117 measures the elapsed time from the message time for each HTTP request corresponding to a retained HTTP response. When the elapsed time becomes equal to or longer than a predetermined retention time that is held in advance, the retention timer 117 notifies the retention processing unit 118 to that effect together with the request source information and request destination information of the target HTTP request.
- The retention processing unit 118 stores the HTTP response data in the response information storage unit 116 so that an HTTP response determined by the personal information determination unit 113 to include personal information is retained. While the HTTP response data is stored in the response information storage unit 116, the HTTP response is not sent from the communication unit 11 to the network 3. On the other hand, the retention processing unit 118 sends an HTTP response that the personal information determination unit 113 has determined to include no personal information to the network 3 via the communication unit 11 without retaining it.
- The retention processing unit 118 instructs the count unit 115 to count the number of HTTP requests having the request source information and request destination information of the HTTP response.
- When the number of HTTP requests counted by the count unit 115 exceeds the predetermined threshold, the retention processing unit 118 extracts the HTTP response data from the response information storage unit 116.
- The extracted data is sent to the response processing unit 119.
- The retention processing unit 118 deletes the extracted HTTP response data from the response information storage unit 116.
- When the retention processing unit 118 receives notification from the retention timer 117 that the predetermined retention time has elapsed, it instructs the count unit 115 to count the number of HTTP requests having the request source information and the request destination information notified from the retention timer 117. If the number of HTTP requests counted by the count unit 115 based on this instruction does not exceed a predetermined threshold that is stored in advance, the retention processing unit 118 releases the retention of the HTTP response corresponding to the HTTP request for which the predetermined retention time has elapsed, and deletes the information regarding that HTTP request from the request information storage unit 105.
- In releasing the retention of the HTTP response, the retention processing unit 118 extracts the data of the target HTTP response from the response information storage unit 116 and sends the target HTTP response to the network 3 via the communication unit 11. The retention processing unit 118 deletes the extracted HTTP response data from the response information storage unit 116. Thus, even when a plurality of HTTP requests for HTTP responses including personal information are transmitted from one client terminal, if the number of HTTP requests within the predetermined retention time does not exceed the predetermined threshold, the plurality of HTTP requests are determined to be valid, and the HTTP responses including personal information corresponding to them are delivered to the destination client terminal 1 as they are.
- When the number of HTTP requests counted by the count unit 115 exceeds the predetermined threshold and the response processing unit 119 receives the HTTP response data from the retention processing unit 118, the response processing unit 119 applies a protection process to this data so that the personal information included in the data is not received by the requesting client terminal 1. This protection process may be cancellation of the transmission of the HTTP response, or a process of replacing the personal information in the HTTP response with other data.
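The flow described above (record inspected requests, retain responses that contain personal information, count requests per request source and destination, then release or protect) can be simulated as follows. This is an added example, not code from the patent: `LeakGuard`, the regular expressions, the retention time and the threshold are hypothetical, and keeping request records until their retention time elapses after protection has been applied is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed detection patterns, one per personal information type. They are
# deliberately simple; production rules would be stricter.
PII_PATTERNS = {
    "credit": re.compile(r"\b(?:\d{4}-){3}\d{4}\b"),
    "phone": re.compile(r"\b\d{2,4}-\d{2,4}-\d{4}\b"),
}


@dataclass
class LeakGuard:
    targets: dict                 # request destination -> PII types to check
    retention: float = 5.0        # retention time in seconds (assumed value)
    threshold: int = 3            # allowed requests per (source, destination)
    requests: dict = field(default_factory=dict)  # req_id -> (time, src, dst)
    held: dict = field(default_factory=dict)      # req_id -> retained body

    def on_request(self, req_id, now, src, dst):
        """Request side: record only requests to inspected destinations."""
        if dst in self.targets:
            self.requests[req_id] = (now, src, dst)

    def _count(self, src, dst):
        """Recorded requests from the same source to the same destination."""
        return sum(1 for _, s, d in self.requests.values() if (s, d) == (src, dst))

    def _has_pii(self, dst, body):
        return any(PII_PATTERNS[t].search(body) for t in self.targets[dst])

    def _protect(self, dst, body):
        """Protection process: replace personal information with other data."""
        for t in self.targets[dst]:
            body = PII_PATTERNS[t].sub("[REDACTED]", body)
        return body

    def on_response(self, req_id, body):
        """Response side: return the (req_id, body) pairs to send right now."""
        if req_id not in self.requests:
            return [(req_id, body)]       # not an inspection target
        _, src, dst = self.requests[req_id]
        if not self._has_pii(dst, body):
            del self.requests[req_id]     # no personal information: forget it
            return [(req_id, body)]
        self.held[req_id] = body          # retain instead of sending
        if self._count(src, dst) <= self.threshold:
            return []
        # Threshold exceeded: protect every retained response of this pair.
        hits = [r for r in self.held if self.requests[r][1:] == (src, dst)]
        return [(r, self._protect(dst, self.held.pop(r))) for r in hits]

    def on_timer(self, now):
        """Retention timer: settle requests whose retention time has elapsed."""
        out = []
        expired = sorted(((t, r) for r, (t, _, _) in self.requests.items()
                          if now - t >= self.retention), key=lambda tr: tr[0])
        for _, rid in expired:
            _, src, dst = self.requests[rid]
            over = self._count(src, dst) > self.threshold
            del self.requests[rid]
            body = self.held.pop(rid, None)
            if body is not None:          # still retained: release or protect
                out.append((rid, self._protect(dst, body) if over else body))
        return out


if __name__ == "__main__":
    # Constructed traffic: one source sends four requests within the window.
    guard = LeakGuard(targets={"/secret": ["credit", "phone"]})
    for i in range(4):
        guard.on_request(f"r{i}", 0.1 * i, "198.51.100.7", "/secret")
        print(guard.on_response(f"r{i}", "name=Sato tel=03-1234-5678"))
```

The simulation makes the cost of the design visible: every response carrying personal information is delayed by up to the retention time, even for a client that stays under the threshold.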
- FIG. 5 is a flowchart showing an operation example of the request processing system 17 of the information leakage prevention unit 15 in the first embodiment.
- the communication unit 11 receives the HTTP request in the WEB server 10.
- the request information acquisition unit 101 acquires information related to the HTTP request received by the communication unit 11 (S51).
- the information acquired here is the message time, the request source information (address information of the client terminal 1), and the request destination information (URL information) regarding the HTTP request.
- The first target determination unit 102 determines whether the HTTP request should be an inspection target by comparing the information acquired by the request information acquisition unit 101 with the information stored in the target determination information storage unit 103 (S52). For example, when the URL information included in the HTTP request matches the URL information stored in the target determination information storage unit 103, it is determined that the HTTP request should be an inspection target.
- When the first target determination unit 102 determines that the HTTP request is to be inspected (S52; YES), it stores the information acquired by the request information acquisition unit 101 in the request information storage unit 105 (S53).
- When the first target determination unit 102 determines that the HTTP request should not be an inspection target (S52; NO), it does not store the information in the request information storage unit 105.
- FIG. 6 is a flowchart showing an operation example of the information leakage prevention unit 15 in the first embodiment when acquiring HTTP response data.
- In the WEB server 10, when the HTTP request as described above is received, the WEB application 12 generates an HTTP response corresponding to it.
- the response information acquisition unit 111 acquires the data of the generated HTTP response (S60).
- The second target determination unit 112 compares the data acquired by the response information acquisition unit 111 with the information stored in the request information storage unit 105, thereby determining whether or not the HTTP response should be an inspection target (S61). Specifically, in this comparison, it is determined whether or not the pair of request source information (address information of the client terminal 1 that is the destination of the HTTP response) and request destination information (target URL information) included in the HTTP response data is stored in the request information storage unit 105. In other words, it is determined whether or not the HTTP response acquired by the response information acquisition unit 111 corresponds to an HTTP request determined as an inspection target by the first target determination unit 102.
- The personal information determination unit 113 determines whether or not personal information is included in the data of the HTTP response (S62). When the personal information determination unit 113 determines that personal information is not included (S62; NO), the stay processing unit 118 deletes the information related to the HTTP request corresponding to the HTTP response determined not to include personal information from the request information storage unit 105 (S63).
- When the second target determining unit 112 has determined that the HTTP response is not an inspection target (S61; NO), and when the personal information determining unit 113 determines that personal information is not included (S62; NO), the stay processing unit 118 transmits the HTTP response via the communication unit 11 without staying (S64).
- the stay processing unit 118 stores the HTTP response data in the response information storage unit 116 (S65). As a result, the HTTP response stays so as not to be received by the destination client terminal 1.
- the staying processing unit 118 sends request source information and request destination information related to the HTTP response to the counting unit 115.
- The counting unit 115 counts the number of HTTP requests corresponding to the request source information and the request destination information sent from the stay processing unit 118 based on the information stored in the request information storage unit 105 (S66). In other words, the counting unit 115 counts the number of records including the same request source information and request destination information as the information sent from the stay processing unit 118 among the records stored in the request information storage unit 105 (S66).
- The stay processing unit 118 determines whether or not the number of HTTP requests counted by the counting unit 115 exceeds a predetermined threshold (S67). When the number of the HTTP requests exceeds the predetermined threshold (S67; YES), the stay processing unit 118 extracts the HTTP response data corresponding to the HTTP requests that are the count target from the response information storage unit 116 (S68), and sends the extracted data to the response processing unit 119. At this time, the stay processing unit 118 deletes the extracted HTTP response data from the response information storage unit 116 (S68). Furthermore, the stay processing unit 118 deletes the information related to the HTTP requests that are the count target from the request information storage unit 105 (S69).
- When the response processing unit 119 receives the HTTP response data from the stay processing unit 118, the response processing unit 119 applies a defense process to the data (S70). Thereby, the personal information included in the HTTP response to which this defense process is applied is not acquired by the client terminal 1 that is the request source.
- the staying processing unit 118 ends the process.
- FIG. 7 is a flowchart showing an operation example related to the stay timer 117 of the information leakage prevention unit 15 in the first embodiment.
- The stay timer 117 measures the elapsed time from the message time for each HTTP request corresponding to a staying HTTP response (S71). When the stay timer 117 detects that the elapsed time has exceeded the predetermined stay time (S72; YES), the stay timer 117 notifies the stay processing unit 118 of the request source information and the request destination information of the HTTP request whose elapsed time has exceeded the predetermined stay time.
- When the stay processing unit 118 receives the notification from the stay timer 117, the stay processing unit 118 instructs the counting unit 115 to count the number of HTTP requests having the request source information and the request destination information notified from the stay timer 117. In response to this instruction, the counting unit 115 counts the number of HTTP requests having the same request source and the same request destination as the HTTP request whose elapsed time exceeds the predetermined residence time (S73).
- The stay processing unit 118 determines whether or not the number of HTTP requests counted by the counting unit 115 exceeds a predetermined threshold (S74). When the number of HTTP requests exceeds the predetermined threshold (S74; YES), the stay processing unit 118 executes the processing (S75) and the processing (S76), and then the response processing unit 119 executes the processing (S77).
- the processes (S75), (S76), and (S77) are the same as the processes (S68), (S69), and (S70) shown in FIG.
- The stay processing unit 118 extracts, from the response information storage unit 116, the HTTP response data corresponding to the HTTP request whose elapsed time exceeds the predetermined stay time, and transmits an HTTP response via the communication unit 11 based on the extracted data (S78).
- The stay processing unit 118 deletes the transmitted HTTP response data from the response information storage unit 116 (S79), and deletes the information on the HTTP request whose elapsed time exceeds the predetermined stay time from the request information storage unit 105 (S80).
- the information leakage prevention unit 15 stores information on the HTTP request to be inspected in the request information storage unit 105.
- the determination as to whether or not the HTTP request is to be examined is performed using request destination information (URL information or the like) stored in advance in the object determination information storage unit 103.
- With the request destination information (URL information or the like), the HTTP requests and HTTP responses to be inspected can be limited. As a result, an unnecessary increase in the processing load of the information leakage prevention unit 15 can be prevented, and an HTTP response that does not include personal information can be immediately transmitted to the destination, so that unnecessary response delay can be prevented.
- the transmission of the HTTP response determined that the personal information is included by the personal information determination unit 113 is reserved by the stay processing unit 118.
- Among the staying HTTP responses, those corresponding to HTTP requests that relate to the same request source and the same request destination and that were transmitted in a number exceeding the predetermined threshold within the predetermined residence time are subjected to a defense process so that the personal information is not received by the client terminal 1 of the request source.
- According to the first embodiment, it is possible to accurately detect unauthorized access, such as sending HTTP requests for a large number of HTTP responses including personal information from the same request source during a certain period of time, and to prevent the leakage of personal information due to such access.
- The HTTP responses corresponding to HTTP requests that relate to the same request source and the same request destination and that were transmitted in a number not exceeding the predetermined threshold within the predetermined stay time are sent after the stay.
- an HTTP request that normally requests personal information for business or the like is not determined to be unauthorized access, and an HTTP response to normal access is appropriately delivered to the request source even if the personal information is included.
- FIG. 8 is a diagram conceptually illustrating a configuration example of the WEB server 10 in the second embodiment.
- the information leakage prevention unit 15 in the second embodiment includes each processing unit included in the response processing system 18 in the first embodiment and a target determination information storage unit 103.
- the response information acquisition unit 111 acquires HTTP response data including a message time related to the HTTP response in addition to the information shown in the first embodiment.
- the message time indicates, for example, the time (date information) when the HTTP response is received by the response information acquisition unit 111. If the HTTP response includes transmission time information, the transmission time may be used as the message time.
- the target determination information storage unit 103 stores request destination information for limiting the HTTP response that should be the inspection target in the information leakage prevention unit 15.
- request destination information for designating a WEB page including personal information
- The limiting information is not limited to the URL and may be other information, such as an IP address of the WEB server 10 or a parameter value added to the URL.
- The second target determination unit 112 uses the request destination information stored in the target determination information storage unit 103 to specify an HTTP response that should be an inspection target in the information leakage prevention unit 15. Specifically, the second target determination unit 112 determines whether or not request destination information that matches the request destination information (information about the response source) included in the HTTP response data acquired by the response information acquisition unit 111 is stored in the target determination information storage unit 103, and if it is stored, determines that the HTTP response is to be inspected. Other processes in the second target determining unit 112 are the same as those in the first embodiment.
- the counting unit 115 counts the number of HTTP responses having the same request source information and the same request destination information based on the HTTP response data stored in the response information storage unit 116.
- the response information storage unit 116 stores HTTP response data that is retained so as not to be received by the destination client terminal 1.
- the HTTP response data includes a message time related to the HTTP response as described above.
- The stay timer 117 measures the elapsed time from the message time for each staying HTTP response. When the elapsed time becomes equal to or longer than the predetermined stay time that is stored in advance, the stay timer 117 notifies the stay processing unit 118 of the request source information and the request destination information of the HTTP response whose elapsed time is equal to or longer than the predetermined stay time.
- the stay processing unit 118 instructs the count unit 115 to count the number of HTTP responses having the same request source information and the same request destination information as the HTTP response.
- The stay processing unit 118 extracts the HTTP response data to be counted from the response information storage unit 116 and sends the extracted data to the response processing unit 119. At this time, the stay processing unit 118 deletes the extracted HTTP response data from the response information storage unit 116.
- When the stay processing unit 118 receives a notification from the stay timer 117 that the predetermined stay time has elapsed, the stay processing unit 118 instructs the counting unit 115 to count the number of HTTP responses having the request source information and the request destination information notified from the stay timer 117. When the number of HTTP responses counted by the counting unit 115 based on the above instruction does not exceed a predetermined threshold that is stored in advance, the stay processing unit 118 releases the stay of the HTTP response for which the predetermined stay time has elapsed.
- the processing at the time of releasing the stay of the HTTP response is the same as in the first embodiment.
- FIG. 9 is a flowchart illustrating an operation example of the information leakage prevention unit 15 in the second embodiment when acquiring HTTP response data.
- the response information acquisition unit 111 acquires the generated HTTP response data (S90).
- the acquired data includes a message time related to the HTTP response.
- The second target determination unit 112 determines whether or not the HTTP response is to be inspected, based on whether information matching the request destination information included in the data acquired by the response information acquisition unit 111 is stored in the target determination information storage unit 103 (S91).
- the request destination information is, for example, URL information that is a target of an HTTP response.
- The personal information determination unit 113 determines whether or not personal information is included in the data of the HTTP response (S92).
- The stay processing unit 118 transmits the HTTP response via the communication unit 11 without staying (S93).
- the stay processing unit 118 stores the HTTP response data in the response information storage unit 116 (S95). As a result, the HTTP response stays so as not to be received by the destination client terminal 1.
- the staying processing unit 118 sends request source information and request destination information related to the HTTP response to the counting unit 115.
- The counting unit 115 counts, among the staying HTTP responses, the number of HTTP responses having the request source information and the request destination information sent from the stay processing unit 118 (S96).
- the stay processing unit 118 determines whether or not the number of HTTP responses counted by the counting unit 115 exceeds a predetermined threshold (S97). If the number of HTTP responses does not exceed the predetermined threshold (S97; NO), the staying processing unit 118 ends the process.
- the stay processing unit 118 extracts the HTTP response data to be counted from the response information storage unit 116 (S98). The extracted data is sent to the response processing unit 119. At this time, the staying processing unit 118 deletes the extracted HTTP response data from the response information storage unit 116 (S98).
- Upon receiving the HTTP response data from the stay processing unit 118, the response processing unit 119 applies a defense process to this data (S99). Thereby, the personal information included in the HTTP response to which this defense process is applied is not acquired by the client terminal 1 that is the request source.
- FIG. 10 is a flowchart showing an operation example related to the stay timer 117 of the information leakage prevention unit 15 in the second embodiment.
- The stay timer 117 measures the elapsed time from the message time for each staying HTTP response (S101). When the stay timer 117 detects that the elapsed time exceeds the predetermined stay time (S102; YES), the stay timer 117 notifies the stay processing unit 118 of the fact that the elapsed time exceeds the predetermined stay time, together with the request source information and the request destination information of the HTTP response.
- When the stay processing unit 118 receives the notification from the stay timer 117, the stay processing unit 118 instructs the counting unit 115 to count the number of HTTP responses having the request source information and the request destination information notified from the stay timer 117. In response to this instruction, the counting unit 115 counts, among the staying HTTP responses, the number of HTTP responses having the same request source and the same request destination as the HTTP response whose elapsed time exceeds the predetermined stay time (S103).
- The stay processing unit 118 determines whether or not the number of HTTP responses counted by the counting unit 115 exceeds a predetermined threshold (S104). If the number of HTTP responses exceeds the predetermined threshold (S104; YES), the stay processing unit 118 executes the processing (S105), and then the response processing unit 119 executes the processing (S106).
- the processes (S105) and (S106) are the same as the processes (S98) and (S99) shown in FIG.
- the stay processing unit 118 extracts the HTTP response data whose elapsed time exceeds the predetermined stay time from the response information storage unit 116. Then, based on the extracted data, an HTTP response is transmitted via the communication unit 11 (S108). Further, the staying processing unit 118 deletes the transmitted HTTP response data from the response information storage unit 116 (S109).
- When the HTTP response data generated by the WEB application 12 is acquired by the response information acquisition unit 111 of the information leakage prevention unit 15, the second target determining unit 112 determines whether or not the HTTP response should be an inspection target. Thereby, only the HTTP response including the request destination information that matches the request destination information stored in the target determination information storage unit 103 is set as the inspection target.
- According to the second embodiment, similarly to the first embodiment, it is possible to limit the HTTP responses to be inspected, to prevent an unnecessary increase in the processing load of the information leakage prevention unit 15, and to prevent unnecessary response delay.
- transmission of an HTTP response that is determined by the personal information determination unit 113 to include personal information is reserved by the stay processing unit 118.
- Among the staying HTTP responses, those that relate to the same request source and the same request destination and that were acquired in a number exceeding a predetermined threshold within a predetermined stay time are subjected to defense processing so that the personal information is not received at the client terminal 1 of the request source.
- In the second embodiment, when a large number of HTTP responses including personal information related to the same request source and the same request destination are generated within a predetermined time, such HTTP responses are judged to be responses to unauthorized access. Therefore, according to the second embodiment, a response to unauthorized access can be reliably detected before being sent to the destination client, and personal information leakage due to unauthorized access can be prevented.
- The HTTP responses that relate to the same request source and the same request destination and that were generated in a number not exceeding the predetermined threshold within the predetermined stay time are sent. Therefore, in the second embodiment as well, as in the first embodiment, it is possible to prevent only the leakage of personal information due to unauthorized access, without confusing access that properly seeks personal information with unauthorized access.
- FIG. 11 is a diagram conceptually illustrating a configuration of a modified example of the WEB system. As shown in FIG. 11, in the WEB system in this modification, the information leakage prevention unit 15 is interposed between the WEB server 10 and the client terminal 1.
- the request information acquisition unit 101 may receive an HTTP request transmitted from the client terminal 1 from the network 3, and the response information acquisition unit 111 may acquire an HTTP response from the WEB server 10.
- the HTTP response transmitted by the WEB server 10 may be received via the network 3.
- the response information acquisition unit 111 receives the HTTP response so that the HTTP response transmitted from the WEB server 10 is not received by the destination client terminal 1.
- a request information storage unit that stores message time, request source information, and request destination information, Of the response messages transmitted from the server device in response to each information request message, a retention processing unit that retains a response message including personal information for a predetermined residence time from the message time of the corresponding information request message; Based on the information on the information request message stored in the request information storage unit, the number of information request messages corresponding to the staying response message is an information request message from the same request source to the same request destination.
- a response processing unit that applies defense processing to An information leakage prevention device comprising:
- the personal information determination part which determines whether personal information is contained in the said response message, Further comprising The stay processing unit deletes information about the information request message corresponding to the response message determined not to include personal information by the personal information determination unit from the request information storage unit, and does not include the personal information Sending the message without staying, and staying the response message determined to contain personal information by the personal information determination unit,
- the information leakage prevention device according to Supplementary Note 1, wherein
- the stay processing unit is related to the information request message corresponding to the staying response message when the number of information request messages counted by the count unit does not exceed the predetermined threshold.
- the elapsed time from the message time stored in the request information storage unit is equal to or longer than the predetermined residence time, the residence of the response message corresponding to the information request message is canceled, and the information about the information request message is Delete from request information storage,
- the information leakage prevention device according to Supplementary Note 2, wherein
- a request information acquisition unit that acquires information about the information request message; Of the information related to the information request message acquired by the request information acquisition unit, only the information related to the information request message including the request destination information that matches the predetermined request destination information stored in advance is stored in the request information storage unit.
- An object determination unit Response messages other than the response message corresponding to the information request message having the request source information and the request destination information stored in the request information storage unit in the response message transmitted from the server device are not subject to inspection.
- a second target determining unit that determines a message; Further comprising The personal information determination unit does not determine the response message not subject to inspection, The stay processing unit deletes information related to the information request message corresponding to the response message outside the inspection target from the request information storage unit, and sends out the response message outside the inspection target without staying,
- the information leakage prevention apparatus according to Supplementary Note 2 or 3, wherein
- a response message including personal information is stored for a predetermined time from the message time related to the response message.
- a retention processing unit that retains for a period of time;
- a counting unit that counts the number of response messages related to the same request source and the same request destination; When the number of response messages counted by the counting unit exceeds a predetermined threshold, the personal information included in the staying response message is not received by the requesting client terminal.
- An information leakage prevention device comprising:
- the personal information determination part which determines whether personal information is contained in the said response message, Further comprising
- the stay processing unit sends out the response message determined not to contain personal information by the personal information determination unit without staying, and stays the response message determined to contain personal information by the personal information determination unit ,
- the information leakage prevention apparatus according to Supplementary Note 5, wherein
- the stay processing unit is configured so that the number of response messages counted by the count unit does not exceed the predetermined threshold, and the elapsed time from the message time related to the staying response message is the predetermined time.
- the dwell time is equal to or longer than the dwell time of the response message when the elapsed time is equal to or greater than the predetermined dwell time.
- As the defense processing, the response processing unit either does not send out the staying response message, or applies personal information deletion processing or personal information editing processing to the staying response message and then sends the response message to which the processing has been applied.
- the information leakage prevention device according to any one of appendices 1 to 7, characterized in that:
- the message time, request source information and request destination information are stored in the request information storage unit, respectively.
- a response message including personal information is retained for a predetermined residence time from the message time of the corresponding information request message.
- the number of information request messages corresponding to the staying response message is an information request message from the same request source to the same request destination. Count and When the counted number of information request messages exceeds a predetermined threshold, the personal information included in the staying response message is prevented from being received by the requesting client terminal. Apply defense processing, Information leakage prevention method.
- the said computer further includes determining whether personal information is contained in the said response message, Residence of the response message is Deleting information related to the information request message corresponding to the response message determined not to include personal information from the request information storage unit; Sending out the response message that does not contain the personal information without staying, The response message determined to include the personal information is retained.
- the response message is stored when the number of the counted information request messages does not exceed the predetermined threshold and the information request message corresponding to the stored response message.
- the response message corresponding to the information request message is released from retention, and information related to the information request message is sent to the request information Delete from the storage,
- the computer Obtaining information about the information request message; Of the information about the acquired information request message, only the information about the information request message including the request destination information that matches the predetermined request destination information stored in advance is stored in the request information storage unit, Response messages other than the response message corresponding to the information request message having the request source information and the request destination information stored in the request information storage unit in the response message transmitted from the server device are not subject to inspection.
- a request information storage unit that stores message time, request source information, and request destination information, and Of the response messages transmitted from the server device in response to each information request message, a retention processing unit that retains a response message including personal information for a predetermined residence time from the message time of the corresponding information request message; Based on the information on the information request message stored in the request information storage unit, the number of information request messages corresponding to the staying response message is an information request message from the same request source to the same request destination.
- the response message including personal information is retained for a predetermined residence time from the message time related to the response message.
- the response message is retained when the counted number of response messages does not exceed the predetermined threshold, and the elapsed time from the message time related to the retained response message is the predetermined retention time.
- the stay of the response message whose elapsed time is equal to or longer than the predetermined stay time is canceled, The information leakage prevention method according to attachment 15.
- the response message including personal information is retained for a predetermined residence time from the message time related to the response message.
- a retention processing section Among the staying response messages, a counting unit that counts the number of response messages related to the same request source and the same request destination; When the number of response messages counted by the counting unit exceeds a predetermined threshold, the personal information included in the staying response message is not received by the requesting client terminal.
- a response processing unit that applies the defense process A program characterized by realizing.
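The first embodiment's flow (FIG. 5 to FIG. 7, steps S51 to S80), written out as an added Python example; this is not code from the patent. The `LeakGuard` name, the phone-number regex standing in for the personal information determination unit 113, the assumption that responses arrive in request order, and the sample traffic are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: a phone-number regex stands in for the personal information
# determination unit 113; the page does not say how personal data is recognised.
PII = re.compile(r"\b\d{3}-\d{4}-\d{4}\b")


@dataclass
class LeakGuard:
    target_urls: set      # target determination information storage unit 103
    dwell: float          # predetermined stay time, in seconds
    threshold: int        # predetermined threshold on the request count
    requests: list = field(default_factory=list)  # unit 105; "body" plays unit 116
    sent: list = field(default_factory=list)      # (source, url, body) delivered

    def on_request(self, t, src, url):
        """S51-S53: record only requests whose URL is an inspection target."""
        if url in self.target_urls:
            self.requests.append({"t": t, "src": src, "url": url, "body": None})

    def _pair(self, src, url):
        return [r for r in self.requests if r["src"] == src and r["url"] == url]

    def _defend(self, src, url):
        """S68-S70: redact every held response of the pair, drop its records."""
        for r in self._pair(src, url):
            if r["body"] is not None:
                self.sent.append((src, url, PII.sub("[REDACTED]", r["body"])))
        self.requests = [r for r in self.requests
                         if not (r["src"] == src and r["url"] == url)]

    def on_response(self, src, url, body):
        """S60-S70: returns 'sent', 'held' or 'defended'."""
        waiting = [r for r in self._pair(src, url) if r["body"] is None]
        if not waiting:                      # S61 NO: no inspected request
            self.sent.append((src, url, body))
            return "sent"
        rec = waiting[0]                     # assumption: responses follow request order
        if not PII.search(body):             # S62 NO -> S63, S64
            self.requests.remove(rec)
            self.sent.append((src, url, body))
            return "sent"
        rec["body"] = body                   # S65: hold the response
        if len(self._pair(src, url)) > self.threshold:   # S66, S67
            self._defend(src, url)
            return "defended"
        return "held"

    def tick(self, now):
        """S71-S80: handle held responses whose stay time has elapsed."""
        for rec in list(self.requests):
            if rec not in self.requests or rec["body"] is None:
                continue
            if now - rec["t"] < self.dwell:  # S72 NO: keep holding
                continue
            if len(self._pair(rec["src"], rec["url"])) > self.threshold:  # S73, S74
                self._defend(rec["src"], rec["url"])                      # S75-S77
            else:
                self.sent.append((rec["src"], rec["url"], rec["body"]))   # S78
                self.requests.remove(rec)                                 # S79, S80


def demo():
    """Constructed traffic: one client asks twice, another asks four times."""
    g = LeakGuard(target_urls={"/members"}, dwell=5, threshold=3)
    page = "Name: Taro  Tel: 090-1234-5678"   # constructed response body
    results = []
    for t in (0, 1):
        g.on_request(t, "192.0.2.5", "/members")
        results.append(g.on_response("192.0.2.5", "/members", page))
    for t in (0, 1, 2, 3):
        g.on_request(t, "198.51.100.9", "/members")
        results.append(g.on_response("198.51.100.9", "/members", page))
    g.tick(now=6)   # stay time has elapsed for the first client's two responses
    return results, g.sent
```

The four responses to the second client are redacted as soon as the fourth request pushes the count over the threshold, while the first client's two responses are delivered unchanged once the stay time has passed.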
Description
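[System Configuration]
FIG. 1 is a diagram conceptually showing a configuration example of a WEB system including a WEB server device (hereinafter simply referred to as the WEB server) 10 in the first embodiment. The WEB server 10 in the first embodiment is communicably connected to a plurality of client terminals 1 via a network 3. The network 3 is a public network such as the Internet, a WAN (Wide Area Network), a LAN (Local Area Network), a wireless communication network, or the like. In this embodiment, the connection form and communication form between the WEB server 10 and each client terminal 1 are not limited.
FIG. 2 is a diagram conceptually showing a configuration example of the WEB server 10 in the first embodiment. As shown in FIG. 2, the WEB server 10 in the first embodiment includes a communication unit 11, a WEB application 12, a WEB page storage unit 13, an information leakage prevention unit 15, and the like. Each of these processing units is realized as a software component, that is, a software part (fragment) such as a task, a process, a function, or a data storage area. Accordingly, each processing unit is realized, for example, by the CPU 5 shown in FIG. 1 executing a program stored in the memory 6. The WEB page storage unit 13 is realized on the memory 6.
The request information acquisition unit 101 acquires information about an HTTP request received by the communication unit 11. The request information acquisition unit 101 may acquire the information about the HTTP request from the communication unit 11, or may acquire from the WEB application 12 the information about the HTTP request that was sent from the communication unit 11 to the WEB application 12. The request information acquisition unit 101 may acquire the packet data forming the HTTP request itself, or may acquire the message time, request source information, and request destination information of the HTTP request. The message time indicates, for example, the time (date and time information) at which the HTTP request was received by the WEB server 10. If the HTTP request contains transmission time information, that transmission time may be used as the message time. The request source information is, as described above, for example the IP address of the client terminal 1. The request destination information is, as described above, for example a URL.
The response information acquisition unit 111 acquires the data of the HTTP response generated by the WEB application 12 for an HTTP request processed by the request processing system 17 as described above. The response information acquisition unit 111 may acquire the HTTP response data from the WEB application 12, or may acquire from the communication unit 11 the HTTP response data sent from the WEB application 12 to the communication unit 11, before the communication unit 11 sends it out toward the network 3. The HTTP response data consists of the WEB page data contained in the HTTP response, the destination information of the HTTP response, information for identifying the HTTP request to which the HTTP response corresponds, and the like. The information for identifying the HTTP request corresponding to the HTTP response includes, for example, a request number, request destination information (a URL or the like), and parameters.
Hereinafter, an operation example of the information leakage prevention unit 15 in the first embodiment is described separately for the request processing system 17 and the response processing system 18.
As described above, in the first embodiment, when an HTTP request is received by the WEB server 10, the information leakage prevention unit 15 stores information about the HTTP requests to be inspected in the request information storage unit 105. Whether an HTTP request should be inspected is determined using request destination information (URL information or the like) stored in advance in the target determination information storage unit 103. As a result, among the HTTP responses generated by the WEB application 12, only the HTTP responses to HTTP requests that were stored in the request information storage unit 105 are inspected.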
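In the first embodiment described above, unauthorized access is detected using the relationship between HTTP requests and HTTP responses, and the personal information in the HTTP responses that answer the unauthorized access is protected. In the second embodiment, unauthorized access is detected using only HTTP responses. Hereinafter, the WEB server device 10 in the second embodiment is described focusing on what differs from the first embodiment, and content that is the same as in the first embodiment is omitted as appropriate.
FIG. 8 is a diagram conceptually showing a configuration example of the WEB server 10 in the second embodiment. In the second embodiment, only the configuration of the information leakage prevention unit 15 differs from the first embodiment. The information leakage prevention unit 15 in the second embodiment consists of the processing units included in the response processing system 18 of the first embodiment and the target determination information storage unit 103.
Hereinafter, an operation example of the information leakage prevention unit 15 in the second embodiment is described with reference to FIGS. 9 and 10. Here too, the description focuses on operations that differ from the first embodiment, and operations that are the same as in the first embodiment are omitted as appropriate.
Thus, in the second embodiment, when the HTTP response data generated by the WEB application 12 is acquired by the response information acquisition unit 111 of the information leakage prevention unit 15, the second target determination unit 112 determines whether this HTTP response should be inspected. As a result, only HTTP responses containing request destination information that matches the request destination information stored in the target determination information storage unit 103 are inspected.
The first and second embodiments described above show an example in which an unauthorized user illegitimately obtains personal information from the WEB server 10 via HTTP, but the method by which an unauthorized user obtains personal information is not limited to HTTP. SMTP (Simple Mail Transfer Protocol) or other protocols may be used.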
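a retention processing unit that retains, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
a counting unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
a response processing unit that, when the number of information request messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
An information leakage prevention device characterized by comprising the above.
further comprising the above, wherein
the retention processing unit deletes from the request information storage unit the information about the information request message corresponding to a response message determined by the personal information determination unit not to contain personal information, sends out that response message not containing personal information without retaining it, and retains a response message determined by the personal information determination unit to contain personal information.
The information leakage prevention device according to Supplementary Note 1, characterized by the above.
The information leakage prevention device according to Supplementary Note 2, characterized by the above.
a first target determination unit that stores in the request information storage unit, among the information about information request messages acquired by the request information acquisition unit, only the information about information request messages containing request destination information that matches predetermined request destination information stored in advance; and
a second target determination unit that determines, among the response messages transmitted from the server device, the response messages other than those responding to information request messages having the request source information and request destination information stored in the request information storage unit to be response messages excluded from inspection,
further comprising the above, wherein
the personal information determination unit makes no determination for the response messages excluded from inspection, and
the retention processing unit deletes from the request information storage unit the information about the information request messages corresponding to the response messages excluded from inspection, and sends out the response messages excluded from inspection without retaining them.
The information leakage prevention device according to Supplementary Note 2 or 3, characterized by the above.
a counting unit that counts, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
a response processing unit that, when the number of response messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
An information leakage prevention device characterized by comprising the above.
further comprising the above, wherein
the retention processing unit sends out, without retaining it, a response message determined by the personal information determination unit not to contain personal information, and retains a response message determined by the personal information determination unit to contain personal information.
The information leakage prevention device according to Supplementary Note 5, characterized by the above.
The information leakage prevention device according to Supplementary Note 6, characterized by the above.
The information leakage prevention device according to any one of Supplementary Notes 1 to 7, characterized by the above.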
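storing in a request information storage unit, for each information request message transmitted from a client terminal to a server device, the message time, request source information, and request destination information;
retaining, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
counting, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
applying, when the counted number of information request messages exceeds a predetermined threshold, a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
An information leakage prevention method including the above.
The retaining of the response message includes:
deleting from the request information storage unit the information about the information request message corresponding to a response message determined not to contain personal information;
sending out the response message not containing personal information without retaining it; and
retaining the response message determined to contain personal information.
The information leakage prevention method according to Supplementary Note 9, including the above.
The information leakage prevention method according to Supplementary Note 10.
acquiring information about the information request message;
storing in the request information storage unit, among the acquired information about information request messages, only the information about information request messages containing request destination information that matches predetermined request destination information stored in advance; and
determining, among the response messages transmitted from the server device, the response messages other than those responding to information request messages having the request source information and request destination information stored in the request information storage unit to be response messages excluded from inspection,
further including the above, wherein
the determination of whether a response message contains personal information is not made for the response messages excluded from inspection, and
the retaining of the response message deletes from the request information storage unit the information about the information request messages corresponding to the response messages excluded from inspection, and sends out the response messages excluded from inspection without retaining them.
The information leakage prevention method according to Supplementary Note 10 or 11.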
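a request information storage unit that stores, for each information request message transmitted from a client terminal to a server device, the message time, request source information, and request destination information;
a retention processing unit that retains, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
a counting unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
a response processing unit that, when the number of information request messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
A program characterized by realizing the above.
retaining, among the response messages transmitted from a server device in response to each information request message transmitted from a client terminal to the server device, a response message containing personal information for a predetermined retention time from the message time of that response message;
counting, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
applying, when the counted number of response messages exceeds a predetermined threshold, a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
An information leakage prevention method including the above.
determining whether the response message contains personal information,
further including the above, wherein
the retaining of the response message includes:
sending out, without retaining it, a response message determined not to contain personal information; and
retaining a response message determined to contain personal information.
The information leakage prevention method according to Supplementary Note 14, including the above.
The information leakage prevention method according to Supplementary Note 15.
The information leakage prevention method according to any one of Supplementary Notes 9 to 12 and Supplementary Notes 14 to 16.
a retention processing unit that retains, among the response messages transmitted from a server device in response to each information request message transmitted from a client terminal to the server device, a response message containing personal information for a predetermined retention time from the message time of that response message;
a counting unit that counts, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
a response processing unit that, when the number of response messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
A program characterized by realizing the above.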
Claims (12)
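- An information leakage prevention device comprising:
a request information storage unit that stores, for each information request message transmitted from a client terminal to a server device, the message time, request source information, and request destination information;
a retention processing unit that retains, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
a counting unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
a response processing unit that, when the number of information request messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
- The information leakage prevention device according to claim 1, further comprising a personal information determination unit that determines whether the response message contains personal information,
wherein the retention processing unit deletes from the request information storage unit the information about the information request message corresponding to a response message determined by the personal information determination unit not to contain personal information, sends out that response message not containing personal information without retaining it, and retains a response message determined by the personal information determination unit to contain personal information.
- The information leakage prevention device according to claim 2, wherein, when the number of information request messages counted by the counting unit does not exceed the predetermined threshold and, for an information request message corresponding to a retained response message, the elapsed time from the message time stored in the request information storage unit is equal to or longer than the predetermined retention time, the retention processing unit releases the retention of the response message corresponding to that information request message and deletes the information about that information request message from the request information storage unit.
- The information leakage prevention device according to claim 2 or 3, further comprising:
a request information acquisition unit that acquires information about the information request messages;
a first target determination unit that stores in the request information storage unit, among the information about information request messages acquired by the request information acquisition unit, only the information about information request messages containing request destination information that matches predetermined request destination information stored in advance; and
a second target determination unit that determines, among the response messages transmitted from the server device, the response messages other than those responding to information request messages having the request source information and request destination information stored in the request information storage unit to be response messages excluded from inspection,
wherein the personal information determination unit makes no determination for the response messages excluded from inspection, and
the retention processing unit deletes from the request information storage unit the information about the information request messages corresponding to the response messages excluded from inspection, and sends out the response messages excluded from inspection without retaining them.
- An information leakage prevention device comprising:
a retention processing unit that retains, among the response messages transmitted from a server device in response to each information request message transmitted from a client terminal to the server device, a response message containing personal information for a predetermined retention time from the message time of that response message;
a counting unit that counts, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
a response processing unit that, when the number of response messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
- The information leakage prevention device according to claim 5, further comprising a personal information determination unit that determines whether the response message contains personal information,
wherein the retention processing unit sends out, without retaining it, a response message determined by the personal information determination unit not to contain personal information, and retains a response message determined by the personal information determination unit to contain personal information.
- The information leakage prevention device according to claim 6, wherein, when the number of response messages counted by the counting unit does not exceed the predetermined threshold and the elapsed time from the message time of a retained response message is equal to or longer than the predetermined retention time, the retention processing unit releases the retention of the response message whose elapsed time has become equal to or longer than the predetermined retention time.
- The information leakage prevention device according to any one of claims 1 to 7, wherein, as the defense process, the response processing unit does not send out the retained response messages, or applies a personal information deletion process or a personal information editing process to the retained response messages and then sends out the response messages to which that process has been applied.
- An information leakage prevention method in which a computer:
stores in a request information storage unit, for each information request message transmitted from a client terminal to a server device, the message time, request source information, and request destination information;
retains, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
applies, when the counted number of information request messages exceeds a predetermined threshold, a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
- A program that causes a computer to realize:
a request information storage unit that stores, for each information request message transmitted from a client terminal to a server device, the message time, request source information, and request destination information;
a retention processing unit that retains, among the response messages transmitted from the server device in response to each of the information request messages, a response message containing personal information for a predetermined retention time from the message time of the corresponding information request message;
a counting unit that counts, based on the information about the information request messages stored in the request information storage unit, the number of information request messages that are from the same request source to the same request destination and that correspond to the retained response messages; and
a response processing unit that, when the number of information request messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
- An information leakage prevention method in which a computer:
retains, among the response messages transmitted from a server device in response to each information request message transmitted from a client terminal to the server device, a response message containing personal information for a predetermined retention time from the message time of that response message;
counts, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
applies, when the counted number of response messages exceeds a predetermined threshold, a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.
- A program that causes a computer to realize:
a retention processing unit that retains, among the response messages transmitted from a server device in response to each information request message transmitted from a client terminal to the server device, a response message containing personal information for a predetermined retention time from the message time of that response message;
a counting unit that counts, among the retained response messages, the number of response messages relating to the same request source and the same request destination; and
a response processing unit that, when the number of response messages counted by the counting unit exceeds a predetermined threshold, applies a defense process to the retained response messages so that the personal information contained in them is not received by the client terminal that is the request source.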
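The retention, counting, release and defense steps of claims 1 to 3 and 8 can be sketched as a small response gate. This is an added example, not code from the patent: the class and method names, the e-mail regex standing in for the personal information determination unit, and the sample addresses and URL are all assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed stand-in for the personal information determination unit (e-mail only).
PII = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

@dataclass
class Held:
    req_time: float  # message time of the corresponding request
    src: str         # request source information (client IP)
    dst: str         # request destination information (URL)
    body: str

class LeakGate:
    def __init__(self, targets, retention=2.0, threshold=3):
        self.targets = set(targets)  # request destinations subject to inspection
        self.retention = retention   # predetermined retention time, seconds
        self.threshold = threshold   # predetermined threshold
        self.requests = {}           # request information store: id -> (time, src, dst)
        self.held = {}               # retained responses: id -> Held

    def on_request(self, req_id, now, src, dst):
        """Record only requests whose destination is an inspection target."""
        if dst in self.targets:
            self.requests[req_id] = (now, src, dst)

    def on_response(self, req_id, body):
        """Return the body to send immediately, or None if it is retained."""
        info = self.requests.get(req_id)
        if info is None:              # outside inspection: pass through
            return body
        if not PII.search(body):      # no personal information: forget and send
            del self.requests[req_id]
            return body
        self.held[req_id] = Held(*info, body)
        return None

    def poll(self, now):
        """Defend or release retained responses; returns {req_id: body to send}."""
        groups = defaultdict(list)
        for rid, h in self.held.items():
            groups[(h.src, h.dst)].append(rid)
        out = {}
        for rids in groups.values():
            over = len(rids) > self.threshold
            for rid in rids:
                h = self.held[rid]
                if over:  # defense process: edit personal information out
                    out[rid] = PII.sub("[REDACTED]", h.body)
                elif now - h.req_time >= self.retention:  # release unchanged
                    out[rid] = h.body
        for rid in out:
            del self.held[rid]
            del self.requests[rid]
        return out

def demo():
    gate = LeakGate({"/member/profile"}, retention=2.0, threshold=3)
    for i in range(5):  # constructed burst: 5 requests in 0.4 s from one source
        gate.on_request(f"s{i}", 0.1 * i, "203.0.113.7", "/member/profile")
        gate.on_response(f"s{i}", f"name=user{i} mail=user{i}@example.com")
    gate.on_request("u0", 0.2, "198.51.100.9", "/member/profile")  # constructed single user
    gate.on_response("u0", "name=alice mail=alice@example.com")
    return gate.poll(now=0.5), gate.poll(now=2.5)
```

The cost of the scheme is visible in `poll`: every inspected response that contains personal information is held until the retention time has elapsed since its request, so the retention time is a latency budget as well as a detection window.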
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013507143A JP5939645B2 (ja) | 2011-03-25 | 2012-03-16 | Information leakage prevention device, method, and program |
US14/007,175 US9251367B2 (en) | 2011-03-25 | 2012-03-16 | Device, method and program for preventing information leakage |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011067315 | 2011-03-25 | ||
JP2011-067315 | 2011-03-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012132296A1 (ja) | 2012-10-04 |
Family
ID=46930087
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/001865 WO2012132296A1 (ja) | Information leakage prevention device, method, and program | 2011-03-25 | 2012-03-16 |
Country Status (3)
Country | Link |
---|---|
US (1) | US9251367B2 (ja) |
JP (1) | JP5939645B2 (ja) |
WO (1) | WO2012132296A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015029129A1 (ja) | 2013-08-27 | 2015-03-05 | 三菱電機株式会社 | Data processing device, data processing method, and program |
KR20170094415A (ko) * | 2015-06-29 | 2017-08-17 | 구글 인코포레이티드 | Privacy-preserving training corpus selection |
US10560473B2 (en) | 2016-10-03 | 2020-02-11 | Fujitsu Limited | Method of network monitoring and device |
JP2022518136A (ja) * | 2019-01-03 | 2022-03-14 | サイトリックス システムズ,インコーポレイテッド | Policy-based notification protection service in a workspace |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10184882B2 (en) * | 2013-03-12 | 2019-01-22 | Fedex Supply Chain Logistics & Electroncis, Inc. | System and method for providing user guidance for electronic device processing |
JP6204854B2 (ja) * | 2014-03-12 | 2017-09-27 | 株式会社Nttドコモ | Information providing system, information providing method, short-range communication device, information providing apparatus, and server |
US10043038B2 (en) * | 2015-01-08 | 2018-08-07 | Jumpshot, Inc. | Identifying private information from data streams |
CN105260673A (zh) * | 2015-09-18 | 2016-01-20 | 小米科技有限责任公司 | Short message reading method and device |
US11611535B2 (en) * | 2021-05-11 | 2023-03-21 | Citrix Systems, Inc. | Dynamically selecting firewall signatures using network traffic |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005044277A (ja) * | 2003-07-25 | 2005-02-17 | Fuji Xerox Co Ltd | Unauthorized communication detection device |
JP2010020728A (ja) * | 2008-07-14 | 2010-01-28 | Nippon Telegr & Teleph Corp <Ntt> | Service component disturbance prevention method and service component disturbance control device |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7146505B1 (en) * | 1999-06-01 | 2006-12-05 | America Online, Inc. | Secure data exchange between date processing systems |
US7966372B1 (en) * | 1999-07-28 | 2011-06-21 | Rpost International Limited | System and method for verifying delivery and integrity of electronic messages |
JP2002203109A (ja) * | 2000-12-28 | 2002-07-19 | Credit Information Center Corp | System for permitting access to a database, access permission method, and database management device |
US7003565B2 (en) * | 2001-04-03 | 2006-02-21 | International Business Machines Corporation | Clickstream data collection technique |
JP4274710B2 (ja) * | 2001-06-28 | 2009-06-10 | 株式会社日立製作所 | Communication relay device |
JP3566699B2 (ja) * | 2002-01-30 | 2004-09-15 | 株式会社東芝 | Server computer protection device and data transfer control method for the device |
US7565687B2 (en) * | 2002-02-08 | 2009-07-21 | International Business Machines Corporation | Transmission control system, server, terminal station, transmission control method, program and storage medium |
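JP4596384B2 (ja) * | 2002-03-22 | 2010-12-08 | ブラザー工業株式会社 | Client-server system, server, server-embedded device, and program |
JP2005134995A (ja) | 2003-10-28 | 2005-05-26 | Recruit Co Ltd | Security management system, security management method, and security management program |
JP2006268682A (ja) * | 2005-03-25 | 2006-10-05 | Fujitsu Ltd | Authentication system, control method therefor, information processing system, and portable authentication device |
KR100670832B1 (ko) * | 2005-12-12 | 2007-01-19 | 한국전자통신연구원 | Method and apparatus for transmitting and receiving user personal information using an agent |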
US7617170B2 (en) * | 2006-10-09 | 2009-11-10 | Radware, Ltd. | Generated anomaly pattern for HTTP flood protection |
US20080281695A1 (en) * | 2007-05-11 | 2008-11-13 | Verizon Services Organization Inc. | Systems and methods for using voice services records to provide targeted marketing services |
KR100929916B1 (ko) * | 2007-11-05 | 2009-12-04 | 한국전자통신연구원 | System and method for blocking external leakage of important information through access situation analysis in a personal mobile terminal |
JP4764512B2 (ja) * | 2007-11-09 | 2011-09-07 | 株式会社Icon | Information transmission system and information transmission method |
BRPI1009078A2 (pt) * | 2009-06-01 | 2019-09-24 | Koninl Philips Electronics Nv | Method for dynamically determining the access rights of a client device to a medical record and system for dynamically determining the access rights of a client device to a medical record |
US8443452B2 (en) * | 2010-01-28 | 2013-05-14 | Microsoft Corporation | URL filtering based on user browser history |
CN102281298A (zh) * | 2011-08-10 | 2011-12-14 | 深信服网络科技(深圳)有限公司 | Method and device for detecting and defending against CC attacks |
-
2012
- 2012-03-16 JP JP2013507143A patent/JP5939645B2/ja active Active
- 2012-03-16 WO PCT/JP2012/001865 patent/WO2012132296A1/ja active Application Filing
- 2012-03-16 US US14/007,175 patent/US9251367B2/en not_active Expired - Fee Related
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015029129A1 (ja) | 2013-08-27 | 2015-03-05 | 三菱電機株式会社 | Data processing device, data processing method, and program |
KR20170094415A (ko) * | 2015-06-29 | 2017-08-17 | 구글 인코포레이티드 | Privacy-preserving training corpus selection |
JP2018506081A (ja) * | 2015-06-29 | 2018-03-01 | グーグル エルエルシー | Privacy-preserving training corpus selection |
KR20190071010A (ko) * | 2015-06-29 | 2019-06-21 | 구글 엘엘씨 | Privacy-preserving training corpus selection |
KR101991473B1 (ko) * | 2015-06-29 | 2019-09-30 | 구글 엘엘씨 | Privacy-preserving training corpus selection |
KR102109876B1 (ko) * | 2015-06-29 | 2020-05-28 | 구글 엘엘씨 | Privacy-preserving training corpus selection |
US10560473B2 (en) | 2016-10-03 | 2020-02-11 | Fujitsu Limited | Method of network monitoring and device |
JP2022518136A (ja) * | 2019-01-03 | 2022-03-14 | サイトリックス システムズ,インコーポレイテッド | Policy-based notification protection service in a workspace |
US11748513B2 (en) | 2019-01-03 | 2023-09-05 | Citrix Systems, Inc. | Policy based notification protection service in workspace |
Also Published As
Publication number | Publication date |
---|---|
US9251367B2 (en) | 2016-02-02 |
JPWO2012132296A1 (ja) | 2014-07-24 |
US20140026226A1 (en) | 2014-01-23 |
JP5939645B2 (ja) | 2016-06-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5939645B2 (ja) | 情報漏洩防止装置、方法及びプログラム | |
US9215242B2 (en) | Methods and systems for preventing unauthorized acquisition of user information | |
CN103179132B | Method and device for detecting and defending against CC attacks | |
US8528084B1 (en) | Systems and methods for detecting potential communications fraud | |
US9817969B2 (en) | Device for detecting cyber attack based on event analysis and method thereof | |
US20160226908A1 (en) | Identification of and countermeasures against forged websites | |
EP2755157B1 (en) | Detecting undesirable content | |
US20160080413A1 (en) | Blocking forgiveness for ddos | |
WO2015154539A1 | Website security detection method and device | |
CN107341395B | Method for intercepting crawlers | |
US9147067B2 (en) | Security method and apparatus | |
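CN103856471B | Cross-site scripting attack monitoring system and method | |
CN107800686B | Phishing website identification method and device | |
WO2014103115A1 | Intrusion detection device, intrusion detection method, intrusion detection program, and recording medium | |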
US20150026813A1 (en) | Method and system for detecting network link | |
EP3987728B1 (en) | Dynamically controlling access to linked content in electronic communications | |
CN103516693A | Method and device for identifying phishing websites | |
CN102664872A | System and method for detecting and preventing attacks on servers in a computer network | |
US10757118B2 (en) | Method of aiding the detection of infection of a terminal by malware | |
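CN117544335A | Decoy activation method, apparatus, device, and storage medium | |
JP5743822B2 | Information leakage prevention device and restriction information generation device | |
CN107493279B | Nginx-based security protection method and device | |
KR101265448B1 | Method for inspecting phishing sites using a network filter driver | |
JP6055726B2 | Web page monitoring device, web page monitoring system, web page monitoring method, and computer program | |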
US11297101B1 (en) | Phishing website detection by checking form differences followed by false credentials submission |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12764751; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2013507143; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWE | Wipo information: entry into national phase | Ref document number: 14007175; Country of ref document: US |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 12764751; Country of ref document: EP; Kind code of ref document: A1 |