Conventionally, the majority of unauthorized login attacks have been those carried out by a round robin method, which is called brute force attack, such as: those carried out through a round robin of ID/password (ID/PWD) combinations; or those carried out by preparation of a particular word dictionary and a round robin therethrough. Brute force attack is characterized in that the number of authentication requests per time becomes extremely high, or many traces of authentication failure are left, and thus unauthorized login attacks have been detected according to the presence or absence of such characteristics, under the conventional technology.