Conventionally, to defend against cyber attacks, devices such as firewalls and Web application firewalls (WAFs) have been statically provided, and defensive measures have been implemented at these points based on preset rules, such as blacklists and signatures.
A conventional process in which a dealing point is determined will be described by use of FIG. 12. In the example of FIG. 12, an attacker is attacking a Web server 40H via an external network (NW) 40A, a data center (DC) NW 40B, a virtual firewall (FW) 40C, a virtual NW 40D, a virtual load balancer (LB) 40E, a virtual NW 40F, and a virtual WAF 40G. The DC NW 40B is connected not only to the virtual FW 40C, but also to a virtual NW 40I and a virtual NW 40J.
As exemplified by FIG. 12, plural rules 1 to 3 have been defined beforehand as individual rules for the attacks to be dealt with. If there is a cyber attack, the rule 3, which matches information related to the attacker, the victim, the type of attack, the effective dealing function, and the like (written as “cyber attack information” in FIG. 12), is identified. As the dealing point corresponding to the rule 3, a dealing point 3 is selected, and a dealing function of that dealing point is determined to be executed.
Further, as a technique for defending against cyber attacks by determining dealing points against them, a technique has been known in which a firewall near the attacker is searched for by tracing attack traffic, and defense against the attack is implemented upstream. For example, a technique has been known in which, as a first measure against the occurrence of a denial of service (DoS) attack or the like, the attack is blocked by use of a dedicated FW at a detected location; and, as a second measure, a dedicated FW near the attacker is searched for by tracing traffic, and the attack is blocked at a dealing point near the attacker, upstream in the traffic (see, for example, Non-Patent Literature 1).
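The two conventional selection methods described above (preset individual rules, and the first/second measures found by tracing traffic upstream) can be compared on the FIG. 12 path. This is an added example, not code from the original document or from the cited literature. The function names, the attack labels, the rule contents and the dealing functions assigned to each node are assumptions, and the "dedicated FW" is modelled as any node on the path that supports the required function.

```python
# Added example: conventional dealing-point selection on the FIG. 12 path.
# Path order is attacker side -> victim side. The functions assigned to each
# node and the rule contents are assumptions; the page does not list them.
PATH = [
    ("external NW 40A", set()),
    ("DC NW 40B", set()),
    ("virtual FW 40C", {"block_source_ip"}),
    ("virtual NW 40D", set()),
    ("virtual LB 40E", set()),
    ("virtual NW 40F", set()),
    ("virtual WAF 40G", {"block_source_ip", "block_http_signature"}),
    ("Web server 40H", set()),
]

# Preset individual rules (constructed): match fields -> fixed dealing point.
RULES = [
    ({"attack": "syn_flood", "victim": "Web server 40H"}, "virtual FW 40C"),
    ({"attack": "sql_injection", "victim": "Web server 40H"}, "virtual WAF 40G"),
]

def select_by_rule(info):
    """Static selection: the first rule whose fields all match decides the point."""
    for match, point in RULES:
        if all(info.get(k) == v for k, v in match.items()):
            return point
    return None  # no preset rule: the attack has no dealing point

def select_by_trace(function, detected_at):
    """Two-step selection: the capable node nearest the detection location
    first, then the capable node nearest the attacker, found by walking upstream."""
    names = [name for name, _ in PATH]
    upstream = PATH[: names.index(detected_at) + 1]  # attacker ... detection
    capable = [name for name, funcs in upstream if function in funcs]
    if not capable:
        return None, None
    return capable[-1], capable[0]  # (first measure, second measure)

if __name__ == "__main__":
    print(select_by_rule({"attack": "sql_injection", "victim": "Web server 40H"}))
    print(select_by_rule({"attack": "http_flood", "victim": "Web server 40H"}))
    print(select_by_trace("block_source_ip", "virtual WAF 40G"))
```

An attack type with no preset rule gets no dealing point from the static method, while the trace-based method still depends on a capable device already sitting on the traffic path.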
As a method of defending against cyber attacks, a technique has been known in which defense is implemented by dynamically changing security policy in devices and by executing dynamic access control over Bayesian spam filters and ranges (see, for example, Non-Patent Literature 2).