A conventional attack detection system checks how a packet operates on a verification network, the packet being detected by a security apparatus and suspected to be an attack packet. Then, the conventional attack detection system determines whether or not the packet is the attack packet (for example, Patent Literature 1).