In a peer-to-peer communication mode in a computer network, fixed clients and servers are not present, and data is directly exchanged between hosts. In contrast to client-server communication in which loads tend to be concentrated on the server, the peer-to-peer communication method has an advantage that loads can easily be distributed. Thus, this method is widely used for exchanging and circulating files through a network. The peer-to-peer communication itself is an excellent technique. Nevertheless, this method is employed in so-called file-swapping software, and hence is considered to be a hotbed for unauthorized contents distribution including copyright infringement. Further, problems, such as spreading of virus infection through peer-to-peer communication and leakage of confidential information or personal information caused by viruses that expose information, arise frequently. Thus, countermeasures against these problems are desired urgently.
In the prior art, several mechanisms are available for monitoring and controlling peer-to-peer communication on a network. These mechanisms perform detection on the basis of patterns (signatures) specific to known peer-to-peer communication. Nevertheless, these patterns need to be generated one by one on the basis of analysis performed by experts who have the required skills. Thus, in practice, peer-to-peer communication software whose new types appear every day cannot be addressed sufficiently.
Furthermore, in general, also in detection of computer viruses, detection methods are employed that are based on patterns that define features of files infected with viruses. Nevertheless, new viruses appear every day, and pattern generation is repeated endlessly. Thus, as a detection method not based on patterns, for example, U.S. Pat. No. 7,159,149 discloses a worm detection method that detects when connection failures of a host exceed a threshold value and then determine whether or not the detected host is infected with a worm.
In view of the present situation that generation of new patterns used for detection of peer-to-peer communication cannot keep up with the appearance of new software, a technique is desired for detecting peer-to-peer communication not based on patterns. Nevertheless, it is not easy to detect peer-to-peer communication without relying on patterns.