Abstract: An action process list (330) is a list in which an attack type identifier and an action process identifier are correlated with each other. An operation process list (340) is a list in which an operation-source process identifier and an operation-destination process identifier are correlated with each other. An indirect process search unit (230) uses the action process list and the operation process list to search for a set of indirect process identifiers which correspond to a set of action process identifiers correlated with different attack type identifiers and which correspond to a set of the operation-source process identifier and the operation-destination process identifier.
We Claim:
[Claim 1]
A process search apparatus comprising:
a storage unit to store an activity process list in which an attack type identifier of a type of a detected attack and an activity process identifier of an activity process performed during a time period during which the attack is detected are associated with each other; and an operation process list in which an operation-source process identifier of an operation-source process having operated another process during the time period during which the attack is detected and an operation-destination process identifier of an operation-destination process that is the another process operated are associated with each other; and
an indirect process searching unit to search for a set of indirect process identifiers using the activity process list and the operation process list, the set of indirect process identifiers corresponding to a set of activity process identifiers associated with different attack type identifiers, and corresponding to a set of an operation-source process identifier and an operation-destination process identifier.
[Claim 2]
The process search apparatus according to claim 1, wherein the indirect process searching unit:
selects an origin type identifier from attack type identifiers included in the activity process list, based on a number of activity process identifiers associated with each of the attack type identifiers, the origin type identifier being an attack type identifier serving as an origin of a search; and
searches for the set of indirect process identifiers using activity process identifiers associated with the selected origin type identifier.
[Claim 3]
The process search apparatus according to claim 2, wherein the indirect process searching unit selects, as the origin type identifier, an attack type identifier with a smallest number of activity process identifiers associated with the attack type identifier among the attack type identifiers included in the activity process list.
[Claim 4]
The process search apparatus according to claim 2, wherein the indirect process searching unit:
selects an activity process identifier associated with the origin type identifier, as an origin process identifier from the activity process list;
selects an attack type identifier different from the origin type identifier, as a search type identifier from the activity process list;
selects an activity process identifier associated with the search type identifier, as a search process identifier from the activity process list; and
determines whether the operation process list includes a set of an operation-destination process identifier and an operation-source process identifier corresponding to a set of the origin process identifier and the search process identifier.
[Claim 5]
The process search apparatus according to claim 4, wherein
the attack type identifier is a number indicating order of attacks, and
the indirect process searching unit selects, as the search type identifier, an attack type identifier indicating a number immediately before a number indicated by the origin type identifier.
[Claim 6]
The process search apparatus according to claim 5, wherein when the operation process list includes a set of an operation-destination process identifier and an operation-source process identifier corresponding to a set of the origin process identifier and the search process identifier, and the number indicated by the search type identifier is a first number, the indirect process searching unit generates the set of the origin process identifier and the search process identifier as the set of indirect process identifiers.
[Claim 7]
The process search apparatus according to claim 6, wherein
when the operation process list includes the set of an operation-destination process identifier and an operation-source process identifier corresponding to the set of the origin process identifier and the search process identifier, but the number indicated by the search type identifier is not the first number, the indirect process searching unit:
selects an activity process identifier associated with the search type identifier, as a new origin process identifier;
selects an attack type identifier indicating a number immediately before the number indicated by the search type identifier, as a new search type identifier;
selects an activity process identifier associated with the new search type identifier, as a new search process identifier; and
generates, when the operation process list includes a set of an operation-destination process identifier and an operation-source process identifier corresponding to a set of the new origin process identifier and the new search process identifier and the number indicated by the new search type identifier is the first number, the set of the origin process identifier and the search process identifier and the set of the new origin process identifier and the new search process identifier, as the set of indirect process identifiers.
[Claim 8]
The process search apparatus according to claim 5, wherein
the activity process list includes an attack start time that is a start time of the time period during which an attack is detected, and that is a time associated with an attack type identifier and an activity process identifier, and
the indirect process searching unit selects each activity process identifier associated with the search type identifier, as the search process identifier, in ascending order of attack start times from the activity process list.
[Claim 9]
The process search apparatus according to claim 8, wherein
the indirect process searching unit:
selects an operation-source process identifier identical to the search process identifier from the operation process list, and obtains an operation-destination process identifier associated with the selected operation-source process identifier, as an additional-process identifier from the operation process list; and
generates a set of the origin process identifier, the search process identifier, and the additional-process identifier as the set of indirect process identifiers when the operation process list includes the set of an operation-destination process identifier and an operation-source process identifier corresponding to the set of the origin process identifier and the search process identifier, and the number indicated by the search type identifier is a first number.
[Claim 10]
The process search apparatus according to claim 9, wherein when the search process identifier is identical to an additional-process identifier for a search process identifier selected previously, the indirect process searching unit omits a processing for the set of the origin process identifier and the search process identifier.
[Claim 11]
The process search apparatus according to claim 6, wherein the indirect process searching unit:
selects an attack type identifier indicating a number immediately after the number indicated by the origin type identifier, as a new search type identifier;
selects an activity process identifier associated with the new search type identifier, as a new search process identifier; and
generates, when the operation process list includes a set of an operation-destination process identifier and an operation-source process identifier corresponding to a set of the origin process identifier and the new search process identifier, the set of the origin process identifier and the new search process identifier as the set of indirect process identifiers.
[Claim 12]
The process search apparatus according to claim 11, wherein
the activity process list includes an attack start time that is a start time of the time period during which the attack is detected, and that is a time associated with the attack type identifier and the activity process identifier, and
the indirect process searching unit selects each activity process identifier associated with the search type identifier, as the new search process identifier, in descending order of attack start times from the activity process list.
[Claim 13]
The process search apparatus according to claim 12, wherein
the indirect process searching unit:
selects an operation-source process identifier identical to the new search process identifier from the operation process list, and obtains an operation-source process identifier associated with the selected operation-source process identifier, as an additional-process identifier from the operation process list; and
adds the obtained additional-process identifier to the set of the origin process identifier and the search process identifier.
[Claim 14]
The process search apparatus according to claim 13, wherein when the new search process identifier is an identifier identical to an additional-process identifier for a search process identifier selected previously, the indirect process searching unit omits a processing for the set of the origin process identifier and the new search process identifier.
[Claim 15]
A process search program using an activity process list and an operation process list, wherein
the activity process list is a list in which an attack type identifier of a type of a detected attack and an activity process identifier of an activity process performed during a time period during which the attack is detected are associated with each other,
the operation process list is a list in which an operation-source process identifier of an operation-source process having operated another process during the time period during which the attack is detected and an operation-destination process identifier of an operation-destination process that is the another process operated are associated with each other, and
the process search program causes a computer to perform an indirect process search processing for searching for a set of indirect process identifiers using the activity process list and the operation process list, the set of indirect process identifiers corresponding to a set of activity process identifiers associated with different attack type identifiers, and corresponding to a set of an operation-source process identifier and an operation-destination process identifier.
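Illustrative sketch of the backward search recited in claims 3 to 8, added here as an example and not taken from the patent or from any implementation by the applicant. The process names, start times and function names are constructed for illustration, and the reading that the earlier-stage (search) process is the operation source and the later-stage (origin) process is the operation destination is an assumption drawn from the wording of claim 4.

```python
from collections import defaultdict

# Constructed sample data (not from the patent).
# Activity process list rows: (attack order number, process id, attack start time)
ACTIVITY = [
    (1, "mail.exe", 100), (1, "browser.exe", 105),
    (2, "dropper.exe", 110), (2, "updater.exe", 112),
    (3, "exfil.exe", 130),
]
# Operation process list rows: (operation-source id, operation-destination id)
OPERATIONS = [
    ("mail.exe", "dropper.exe"),
    ("dropper.exe", "exfil.exe"),
    ("browser.exe", "helper.exe"),
]

def select_origin_type(activity):
    """Claim 3: the attack type with the fewest associated activity processes."""
    procs = defaultdict(set)
    for attack_type, pid, _ in activity:
        procs[attack_type].add(pid)
    return min(sorted(procs), key=lambda t: len(procs[t]))

def search_indirect(activity, operations, first=1):
    """Backward search (claims 4-8): chain pairs from the origin type to `first`."""
    ops = set(operations)
    by_type = defaultdict(list)
    for attack_type, pid, _ in sorted(activity, key=lambda r: r[2]):
        by_type[attack_type].append(pid)  # ascending start time (claim 8)

    def walk(origin_pid, search_type):
        if search_type < first:  # no earlier attack type left to search
            return []
        chains = []
        for search_pid in by_type.get(search_type, []):
            # Assumed direction: the earlier-stage process operated the later one.
            if (search_pid, origin_pid) not in ops:
                continue
            pair = (origin_pid, search_pid)
            if search_type == first:  # claim 6: first number reached
                chains.append([pair])
            else:  # claim 7: the search process becomes the new origin
                chains += [[pair] + rest for rest in walk(search_pid, search_type - 1)]
        return chains

    origin_type = select_origin_type(activity)
    results = []
    for origin_pid in by_type[origin_type]:
        results += walk(origin_pid, origin_type - 1)
    return results
```

A chain is reported only when it reaches the first attack number, so `updater.exe` and `browser.exe`, which were active during an attack window but have no operation link into the chain, are excluded from the result.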
| # | Name | Date |
|---|---|---|
| 1 | 201847034656-IntimationOfGrant15-12-2023.pdf | 2023-12-15 |
| 1 | 201847034656-TRANSLATIOIN OF PRIOIRTY DOCUMENTS ETC. [14-09-2018(online)].pdf | 2018-09-14 |
| 2 | 201847034656-PatentCertificate15-12-2023.pdf | 2023-12-15 |
| 2 | 201847034656-STATEMENT OF UNDERTAKING (FORM 3) [14-09-2018(online)].pdf | 2018-09-14 |
| 3 | 201847034656-Written submissions and relevant documents [14-12-2023(online)].pdf | 2023-12-14 |
| 3 | 201847034656-REQUEST FOR EXAMINATION (FORM-18) [14-09-2018(online)].pdf | 2018-09-14 |
| 4 | 201847034656-PROOF OF RIGHT [14-09-2018(online)].pdf | 2018-09-14 |
| 4 | 201847034656-FORM-26 [28-11-2023(online)].pdf | 2023-11-28 |
| 5 | 201847034656-POWER OF AUTHORITY [14-09-2018(online)].pdf | 2018-09-14 |
| 5 | 201847034656-Correspondence to notify the Controller [27-11-2023(online)].pdf | 2023-11-27 |
| 6 | 201847034656-US(14)-HearingNotice-(HearingDate-29-11-2023).pdf | 2023-11-03 |
| 6 | 201847034656-FORM 18 [14-09-2018(online)].pdf | 2018-09-14 |
| 7 | 201847034656-FORM 3 [23-02-2023(online)].pdf | 2023-02-23 |
| 7 | 201847034656-FORM 1 [14-09-2018(online)].pdf | 2018-09-14 |
| 8 | 201847034656-FORM 3 [07-02-2022(online)].pdf | 2022-02-07 |
| 8 | 201847034656-DRAWINGS [14-09-2018(online)].pdf | 2018-09-14 |
| 9 | 201847034656-DECLARATION OF INVENTORSHIP (FORM 5) [14-09-2018(online)].pdf | 2018-09-14 |
| 9 | 201847034656-FORM 3 [15-07-2021(online)].pdf | 2021-07-15 |
| 10 | 201847034656-ABSTRACT [06-11-2020(online)].pdf | 2020-11-06 |
| 10 | 201847034656-COMPLETE SPECIFICATION [14-09-2018(online)].pdf | 2018-09-14 |
| 11 | 201847034656-CLAIMS UNDER RULE 1 (PROVISIO) OF RULE 20 [14-09-2018(online)].pdf | 2018-09-14 |
| 11 | 201847034656-CLAIMS [06-11-2020(online)].pdf | 2020-11-06 |
| 12 | 201847034656-COMPLETE SPECIFICATION [06-11-2020(online)].pdf | 2020-11-06 |
| 12 | Abstract_201847034656.jpg | 2018-09-17 |
| 13 | 201847034656-DRAWING [06-11-2020(online)].pdf | 2020-11-06 |
| 13 | Correspondence by Agent_Form1_18-09-2018.pdf | 2018-09-18 |
| 14 | 201847034656-FER_SER_REPLY [06-11-2020(online)].pdf | 2020-11-06 |
| 14 | 201847034656.pdf | 2018-09-26 |
| 15 | 201847034656-FORM 3 [06-11-2020(online)].pdf | 2020-11-06 |
| 15 | 201847034656-RELEVANT DOCUMENTS [28-09-2018(online)].pdf | 2018-09-28 |
| 16 | 201847034656-Information under section 8(2) [06-11-2020(online)].pdf | 2020-11-06 |
| 16 | 201847034656-MARKED COPIES OF AMENDEMENTS [28-09-2018(online)].pdf | 2018-09-28 |
| 17 | 201847034656-OTHERS [06-11-2020(online)].pdf | 2020-11-06 |
| 17 | 201847034656-AMMENDED DOCUMENTS [28-09-2018(online)].pdf | 2018-09-28 |
| 18 | 201847034656-Amendment Of Application Before Grant - Form 13 [28-09-2018(online)].pdf | 2018-09-28 |
| 18 | 201847034656-FER.pdf | 2020-08-06 |
| 19 | 201847034656-FORM 3 [10-01-2020(online)].pdf | 2020-01-10 |
| 19 | 201847034656-FORM 3 [12-02-2019(online)].pdf | 2019-02-12 |
| 1 | Searchstrategy_201847034656E_13-07-2020.pdf |