1. Field of the Invention
The present invention relates to a communication error detection apparatus which receives packet signals from communication networks and analyzes information contained in the packet signals so as to detect errors which may have occurred in the communication networks.
2. Description of the Related Art
Computers connected to external communication networks such as the Internet can be infected by malicious programs such as computer worms. In addition, the computers infected by a worm attack a specific server, which is referred to as a DDoS (Distributed Denial of Service) attack. Recently, infection by malicious programs has become a more significant problem as communication networks are widely used and communication traffic increases. To address these problems, a method has recently come into use in which an apparatus capable of detecting errors in communication networks is provided at a specific place in the networks and information contained in packet signals is acquired over a long term. In this method, the information acquired over the long term is analyzed, a normal communication state is identified on the basis of the analysis result, and errors in the communication networks are detected on the basis of that normal communication state.
Technology that detects errors in communication networks is disclosed in “Integrated Analysis Architecture for Wide-area Security Monitoring,” Takemori, Yamada, and Miyake, The 2006 Symposium on Cryptography and Information Security, Hiroshima, Japan, Jan. 17-20, 2006, The Institute of Electronics, Information and Communication Engineers (document D1). In document D1, a plurality of monitoring apparatuses, each capable of monitoring information transmitted in communication networks, are installed over wide areas of the networks, and the information monitored by the monitoring apparatuses is analyzed in an integrated manner, so that errors in the communication networks are detected effectively.
However, as disclosed in section 4.1.1 of document D1, the detected errors are analyzed by comparing statistical data acquired by the monitoring apparatuses just before the detection of the errors with statistical data acquired from a previous week. Accordingly, communication information must be accumulated for at least one week after the monitoring apparatuses are initially installed on the communication networks, which causes the problem that errors occurring in the communication networks during that week are not detected.
The monitoring apparatus disclosed in document D1 has another problem. When the connection configuration of the communication networks is definitely changed, the monitoring apparatus keeps reporting an error as its analysis result even though the communication state of the communication networks is normal. This is because the communication state before the change of the connection configuration differs from the communication state after the change.
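The two limitations described above (no detection during the first week, and continued error reports after the connection configuration changes) can be reproduced with a minimal week-over-week comparison. This is an added illustration, not code from document D1 or from the invention; the hourly packet counts, the ratio threshold and all function names are assumptions, and the sample data is constructed.

```python
from typing import List, Optional

HOURS_PER_WEEK = 7 * 24
RATIO_THRESHOLD = 3.0  # assumed: flag an hour whose count is >3x last week's


def week_over_week(counts: List[int],
                   threshold: float = RATIO_THRESHOLD) -> List[Optional[bool]]:
    """Compare each hourly count with the same hour one week earlier.

    Returns None where no baseline exists yet, True where the hour is
    flagged as an error, False where it is judged normal.
    """
    verdicts: List[Optional[bool]] = []
    for t, current in enumerate(counts):
        if t < HOURS_PER_WEEK:
            verdicts.append(None)  # first week: nothing to compare against
            continue
        baseline = counts[t - HOURS_PER_WEEK]
        # +1 avoids division by zero on idle hours
        verdicts.append((current + 1) / (baseline + 1) > threshold)
    return verdicts


def build_sample() -> List[int]:
    """Constructed data: three weeks of hourly packet counts."""
    counts = [100] * (3 * HOURS_PER_WEEK)
    counts[50] = 5000  # abnormal burst during the first week
    # Week 3: connection configuration changed, the new normal level is 1000.
    for t in range(2 * HOURS_PER_WEEK, 3 * HOURS_PER_WEEK):
        counts[t] = 1000
    return counts


def summarize(verdicts: List[Optional[bool]]) -> dict:
    return {
        "no_baseline": sum(v is None for v in verdicts),
        "flagged": sum(v is True for v in verdicts),
    }


if __name__ == "__main__":
    v = week_over_week(build_sample())
    print("burst at hour 50 verdict:", v[50])
    print(summarize(v))
```

The burst in the first week receives no verdict because there is no earlier week to compare against, while every hour of the third week is flagged even though the traffic is simply at its new normal level.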