A large volume of data communication and processing occurs in a variety of information systems utilizing an information communication network such as the Internet (hereinafter referred to simply as “network”). Problems may develop, however, such as unauthorized access of a server or equipment such as various terminal devices operating on a network, unauthorized information leaks from a server, or the like.
For instance, it is preferable to monitor data communications in real time in order to suppress damage due to unauthorized communications without needing to investigate a communication lot after the fact. Conventional techniques for doing so have been disclosed. For example, JP 2007-536646 discloses collecting security events from various monitoring devices, storing security events, providing a subset of the stored security events to a manager as an event stream, and having the manager discover one or more unknown event patterns in the event stream.
Conventionally, corresponding processing may be performed by monitoring communications on a server on a network, and detecting unauthorized access or the sending and receiving of data. Monitoring may be performed at a central location when multiple servers are taken as targets to be monitored.
Patent Document 1: JP 2007-536646