With a recent advance of network technology and rapidly expanded use of the world wide web (WWW) as a distribution system on the Internet, servers that provide various services are increasing at a considerable pace. At the same time, unauthorized access is also increasing rapidly with the increase of such servers.
To cope with a problem of the unauthorized access, an unauthorized-access detecting tool to detect the unauthorized access is currently in use. The unauthorized-access detecting tool adopts a detection rule for detecting an unauthorized process request from a client, with which the unauthorized-access detecting tool detects an unauthorized access by comparing the detection rule and the process request from the client. For example, the detection rule includes detecting a homepage access request with an extremely long URL that does not actually exist, a collation request of an extremely long character string that is meaningless, an input of an incorrect password, and the like.
However, in the conventional technology for judging unauthorized access, a judgment for the unauthorized access is performed for each of the process requests, and it may cause many cases in which the judgment between a proper access and an improper access cannot be made. For example, it is impossible to judge whether an improper password is an attempt for the unauthorized access, or simply a mistake in inputting the password by an authorized user.
If all of the input of the incorrect password is judged as the unauthorized access, there will be many detection mistakes such as judging the authorized access as the unauthorized access. On the other hand, if all of the input of the incorrect password is judged not to be the unauthorized access, the unauthorized access cannot be detected until actual intrusion and attack occur.
There is an unauthorized-access judging technology in which index of server load condition and the like are monitored, and when a value of the index deviates from acceptable values, it is judged that there is the unauthorized access. However, in this unauthorized access judging technology, it is difficult to determine the acceptable values of the index.