In the prior art, a method has been proposed in which concern index values are assigned to flows between hosts on a network, and an alarm is issued if the accumulated concern index values exceed a threshold value (see the specifications of U.S. Pat. No. 7,475,426 and U.S. Pat. No. 7,185,368).
Furthermore, various methods for detecting so-called “Drive-by Download” attacks by analyzing traffic, have been proposed (see Yasutaka SHINDO, (and 3 others), “Drive-by Download attack detection method based on file type transfers in malware infection step”, [online], 15 Oct. 2014, Information Processing Society of Japan, [retrieved 15 Dec. 2014], Internet <URL:https://ipsj.ixsq.nii.ac.jp/ej/?action=pages_view_main&ac tive_action=repository_view_main_item_detail&item_id_106598&it em_no=1&page_id=13&block_id=8> and Takashi MATSUNAKA, (and 2 others), “Proposed malicious site detection method based on analysis of Web link structures using Web Access log in Drive-by Download attack countermeasure framework”, [online], 15 Oct. 2014, Information Processing Society of Japan, [retrieved 15 Dec. 2014], Internet <URL:https://ipsj.ixsq.nii.ac.jp/ej/?action=pages_view_main&ac tive_action=repository_view_main_item_detail&item_id_106596&it em_no=1&page_id=13&block_id=8>).