JP4837106B2 - COMMUNICATION DATA MONITORING DEVICE, COMMUNICATION DATA MONITORING METHOD, AND PROGRAM - Google Patents

Description

  The present invention examines information received or transmitted via the Internet, restricts access to Web pages that are considered harmful, and prevents unauthorized access or unintentional information leakage. The present invention relates to a data monitoring apparatus and method.

  In recent years, there have been increasing opportunities to use the Internet to provide various types of information and various services. Each of these users accesses a web page provided by the user, but the problem is that not all of them provide sound information and services.

  For example, it provides information that is highly illegal or generally considered harmful, or is recorded in a computer like a computer virus or a program or spyware that gets into other people's computers without permission. There are Web pages that provide information incorporating a program that collects personal information.

  Furthermore, there are cases where personal information and confidential information transmitted through a Web page are illegally obtained by being guided to a fake site and further illegally used.

  Therefore, measures to limit the browsing of highly illegal information and information that is generally considered harmful (hereinafter referred to as harmful information), or to restrict access to such unreliable web pages in the first place. Has become necessary.

  In the prior art, in order to limit browsing of harmful information, a filtering device that controls display of a specific Web page is installed between information on the Internet and users of the Internet.

  In general, a filtering device registers a list of keywords to be restricted in advance, a URL (Uniform Resource Locator) list called a black list, or a list called a white list, and information on packets flowing through the network. As a result of checking, if they match, the display and access of the Web page are controlled.

  Furthermore, since it may be a problem in practice if the determination is made based only on the matching of the keywords, a technique for evaluating after evaluating the importance and the reliability of the transmission destination is proposed in Patent Document 1.

  On the other hand, in the technique disclosed in Patent Document 1, as a method of obtaining URL information to be placed on a black list or white list, an administrator or an expert evaluates and registers the contents of a Web page each time. However, since this method does not match the actual situation if the Web pages continue to increase and continue to be updated, a technique for efficiently collecting is proposed in Patent Document 2.

JP 2004-139178 A JP 2003-256469 A

  In the technique proposed in Patent Document 2, those using filtering devices form a network, and each user registers or updates to a blacklist or whitelist, and tries to share the information. .

  However, even with this technology, it is the user who decides whether or not to put on the blacklist or whitelist, and the administrator only replaces the user, and the burden on the user is not reduced. Absent.

  Furthermore, there is no remedy method when a user mistakenly registers in the black list or white list, or when a malicious URL information provider registers.

  Further, for example, once registered in the excellent content URL list (white list), even if it is changed to a Web page including harmful information at a certain time, there is a restriction until it is registered in the black list. However, there is a problem that inappropriate information is provided.

  The present invention has been made to solve the above-described problems, and the object of the present invention is to perform temporary reliability evaluation according to the level of communication information for each Web page, and continuously By evaluating the reliability, it is possible to manage the blacklist and whitelist according to the actual situation while reducing the burden on the administrator, and further use the results to restrict access and leak information unintended by the user. It is to provide a mechanism to prevent.

  The present invention relates to a communication data monitoring apparatus for monitoring data communicated between a client terminal and a Web server that is a data transmission destination, for evaluating the reliability of the transmission destination of the data transmitted from the client terminal. A reliability evaluation rule storage means for storing a plurality of reliability evaluation rules and an importance level for determining which reliability evaluation rule to use from among the plurality of reliability evaluation rules, and transmitted from the client terminal The information is classified into the information type from the transmission information level storage means for storing the definition information in which the importance level is defined for each information type for classifying the information included in the data to be transmitted, and the data transmitted from the client terminal Information type detecting means for detecting information and the information type based on the definition information stored in the transmission information level storage means; A transmission information level determination unit that determines the importance level of the data from the information type of the information detected by the output unit, and a reliability evaluation of the transmission destination according to the importance level determined by the transmission information level determination unit The reliability evaluation rule determining means for determining the reliability evaluation rule to be used from the plurality of reliability evaluation rules stored in the reliability evaluation rule storage means, and the reliability evaluation rule determining means In accordance with a reliability evaluation rule, a temporary reliability value calculation unit that calculates a temporary reliability value of a transmission destination of the data transmitted from the client terminal, and a temporary value of the transmission destination calculated by the temporary reliability value calculation unit Determining means for deciding whether or not to permit the transmission of the data based on the statistical confidence value, and allowing the transmission of the data by the deciding means If it is a constant transmitted the data, when it is determined not to allow the transmission of said data, characterized in that it comprises interrupting the transmission control means the transmission of said data by said determining means.

  According to the present invention, after evaluating the temporary reliability according to the level of communication information for each Web page, the continuous reliability is evaluated, so that a black list or white list in accordance with the actual situation can be obtained. Management can be performed while reducing the burden on the administrator, and the results can be used to restrict access and prevent leakage of information unintended by the user.

1 is a system configuration diagram illustrating a configuration example of a system to which an information processing apparatus according to an embodiment of the present invention is applicable. It is a block diagram which shows the hardware constitutions of the relay server 101 shown in FIG. It is a flowchart which shows an example of the 1st control processing procedure in this invention. It is a flowchart which shows an example of the 2nd control processing procedure in this invention. It is a flowchart which shows an example of the 3rd control processing procedure in this invention. It is a flowchart which shows an example of the 4th control processing procedure in this invention. It is a flowchart which shows an example of the 5th control processing procedure in this invention. It is a flowchart which shows an example of the 6th control processing procedure in this invention. It is a flowchart which shows an example of the 7th control processing procedure in this invention. It is a figure which shows an example of the transmission destination reliability value table used by this invention. It is a figure which shows an example of the transmission information level table used by this invention. It is a figure which shows an example of the reliability evaluation rule used by this invention. It is a figure which shows the example which displayed the time series data of the reliability value in this invention in the line graph format. It is a figure which shows an example of the calculation formula used by this invention. It is a figure explaining the memory map of the recording medium (storage medium) which stores the various data processing program which can be read by the information processing apparatus (relay server 101) based on this invention.

  Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.

  FIG. 1 is a system configuration diagram illustrating a configuration example of a system to which an information processing apparatus according to an embodiment of the present invention can be applied.

  As shown in FIG. 1, the system according to the present embodiment includes a mail server 104, a Web server 105, client terminal devices 102a and 102b, an administrator terminal device 107, and a relay server that functions as an information processing device according to the present embodiment. 101. Hereinafter, those constituting the system according to the present embodiment will be described.

  The client terminal devices 102 a and 102 b are used for accessing the Web server 105 via the relay server 101 and the wide area network 106 and browsing a desired Web page among various Web pages provided by the Web server 105. It is.

  The administrator terminal device 107 accesses the relay server 101 to perform control operations and settings performed by the relay server 101, or transmits an HTTP message transmitted from the client terminal devices 102a and 102b and stored in the relay server 101 to the administrator. Is used for setting and browsing so that can be browsed.

  The Web server 105 performs the same operation as that of a Web server provided in a general provider, and makes a request to the client terminal devices 102a and 102b that have accessed through the relay server 101 and the wide area network 106. A corresponding Web page is provided.

  The relay server 101 is for relaying data communication between the client terminal devices 102 a and 102 b and the Web server 105. The client terminal devices 102a and 102b access a Web page provided by the Web server 105, browse information on this Web page, register various services, create, save, and send e-mail (Web mail). When the operation instruction is input, the relay server 101 receives the operation instruction and executes various processes according to the received operation instruction. Details of the processing performed by the relay server 101 will be described later.

  The wide area network 106 is a network represented by the Internet. Reference numeral 103 denotes a network such as a LAN or the Internet.

  FIG. 2 is a block diagram showing a hardware configuration of the relay server 101 shown in FIG.

  In FIG. 2, reference numeral 201 denotes a CPU that controls the entire relay server 101 using programs and data stored in a RAM 202 and a ROM 203, and executes each process described later performed by the relay server 101.

  A RAM 202 temporarily stores programs and data loaded from the HDD (hard disk drive) 204 and the storage medium drive 206, programs and data received from the outside via the network I / F (interface) 205, and the like. And various areas such as a work area used when the CPU 201 executes various processes can be provided as appropriate.

  A ROM 203 stores setting data of the relay server 101, a boot program, and the like.

  Reference numeral 204 denotes an HDD, which stores an OS (Operating System) and programs and data for causing the CPU 201 to execute processes described later performed by the relay server 101. These are loaded into the RAM 202 as appropriate under the control of the CPU 201. , The processing target by the CPU 201.

  Reference numeral 205 denotes a network I / F for connecting the relay server 101 to the network 103 and the wide area network 106. The relay server 101 is connected to the network 103 and the wide area network 106 via the network I / F 205. Data communication can be performed with each connected device.

  Reference numeral 206 denotes a storage medium drive that reads programs and data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, and DVD-RAM, and outputs them to the RAM 202 and HDD 204. To do. A part of the information held in the HDD 204 may be stored in this storage medium.

  Reference numeral 207 denotes a keyboard, and 208 denotes a pointing device configured by a mouse, a joystick, and the like. Various instructions can be input to the CPU 201 by an operator of the relay server 101.

  A display unit 209 includes a CRT, a liquid crystal screen, and the like, and can display a processing result by the CPU 201 using an image, text, or the like.

  Reference numeral 210 denotes an external device connection I / F, which is a port for connecting peripheral devices to the relay server 101. The relay server 101 transmits / receives data to / from this peripheral device via the external device connection I / F 210. The external device connection I / F 210 is configured by USB, IEEE 1394, or the like, and usually has a plurality of external device I / Fs. The connection form with the peripheral device may be wired or wireless.

  A bus 211 connects the above-described units.

  Note that the hardware configuration of the relay server 101 is described as having the configuration illustrated in FIG. 2, but is not necessarily limited to having the configuration illustrated in FIG. 2. The following processing described as processing performed by the relay server 101 is described below. If the configuration is executable, the configuration of the relay server 101 may be modified as appropriate.

  Further, the hardware configurations of the client terminal devices 102a and 102b, the manager terminal device 107, the Web server 105, and the mail server 104 will be described. Since a general computer is applied to these, as shown in FIG. The configuration shown in FIG.

  Next, when the client terminal devices 102a and 102b access the Web provided by the Web server 105 via the relay server 101 and the wide area network 106 and instruct creation, storage, transmission, etc. of information on the Web page. The processing performed by the relay server 101 will be described below with reference to FIG. 3 showing a flowchart of the processing.

  FIG. 3 is a flowchart showing an example of a first control processing procedure according to the present invention, and corresponds to the processing performed by the relay server 101. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S301 to S316 indicate each step.

  In the following description, the client terminal devices 102a and 102b are collectively referred to as the client terminal device 102.

  In addition, here, the processing is mainly described as being performed by the relay server 101. However, the processing may be performed by the client terminal apparatus 102, or the relay server 101 and the client terminal apparatus 102 may perform processing in a shared manner. .

  As described above, the client terminal device 102 is accessing a Web page at the time of starting processing according to the flowchart of FIG. 1, and browsing of information, Internet shopping, application for various services on this Web page, or Operational instructions such as creation, storage, and transmission of electronic mail (Web mail) are possible.

  For example, a web page screen is displayed on the display screen of the display device included in the client terminal device 102, and an area or screen for displaying information such as characters and photographs on the web page for browsing information A button image for transition is provided.

  In addition, a web page for applying for Internet shopping and various services is provided with an area for describing a name, an address, a credit card number, a button image for selecting a purchased product, and the like.

  In the Web mail service, an area for specifying an e-mail transmission destination (TO, CC, BCC), an area for describing an e-mail body, a created e-mail can be stored in the Web server 105, A button image or the like is provided for designating a file to be sent or attached to the e-mail.

  The relay server 101 is in a standby state so that any instruction may be transmitted from the client terminal device 102. When an instruction from a Web page is input on the client terminal device 102 side, for example, when a button image for instructing screen transition or data registration is instructed on the client terminal device 102 side, the client terminal device 102 side From the terminal device 102, an HTTP relay packet (HTTP data) including the instructed content is transmitted to the relay server 101.

  When the CPU 201 of the relay server 101 detects reception of HTTP data via the network I / F 205, the CPU 201 performs processing to store it in the RAM 202 or the HDD 204. This storing process is performed until reception of all the transmitted HTTP data is completed.

  When all HTTP data (all HTTP data transmitted from the client terminal device 102 when one instruction regarding screen transition or data registration is input on the client terminal device 102 side) is received, the relay server The CPU 201 of 101 advances the processing to step S301, performs transmission information determination processing, and calculates the transmission information level from the transmission information together with the transmission destination information (for example, transmission destination URL) (details are shown in FIG. 5).

  Next, in step S302, the CPU 201 of the relay server 101 refers to the transmission destination reliability value table (FIG. 10) in which the URL transmitted in the past and the reliability value stored in the HDD 204 are associated with each other, and is obtained in step S301. It is searched whether there is information on the destination URL. FIG. 10 is a diagram showing an example of the transmission destination reliability value table used in the present invention. This transmission destination reliability value table is updated by reliability evaluation processing (step S304 or step S308) described later. That is, URLs transmitted in the past are stored in the transmission destination reliability value table.

  When the CPU 201 of the relay server 101 determines that the transmission destination URL is in the transmission destination reliability value table (FIG. 10) (that is, the transmission destination URL is a URL that has been transmitted in the past), that is, step S302. In the case of “Yes”, the CPU 201 of the relay server 101 advances the processing to step S303 and performs a blacklist matching process.

  In step S303, the CPU 201 of the relay server 101 refers to a blacklist management table (not shown) stored in the HDD 204 and searches for the destination URL information obtained in step S301. Note that the black list management table may be in the format shown in the prior art.

  If the CPU 201 of the relay server 101 determines from the search result in step S303 that the destination URL is not registered in the black list, that is, if “No” in step S303, the process proceeds to step S304. Then, a reliability evaluation process including a temporary reliability evaluation and a continuous reliability evaluation is performed (details are shown in FIG. 6). In addition, the comprehensive reliability value (A) mentioned later is calculated by this process.

  Next, in step S305, the CPU 201 of the relay server 101 compares the total reliability value (A) calculated in step S306 with the determination reference value stored in advance in the HDD 204, and is below the determination reference value. If it is determined, the process proceeds to step S311. On the other hand, if it is determined that the value exceeds the reference value, the data of the HTTP packet received by the relay server 101 is passed, and the process of this flowchart is terminated. .

  The above is a description of processing when an HTTP packet is sent to a destination having no problem.

  Next, a case where an HTTP packet is sent to the first transmission destination will be described.

  In this case, that is, in step S302, if it is determined that the transmission destination URL is not stored in the transmission destination reliability value table (FIG. 10), that is, if “No” in step S302, the CPU 201 of the relay server 101 performs step The process proceeds to S313.

  In step S313, the CPU 201 of the relay server 101 transmits an HTTP packet that instructs the client terminal apparatus 102 to display a destination unregistered warning. When the client terminal apparatus 102 detects reception of the HTTP data, the client terminal apparatus 102 displays warning information that is not registered as a transmission destination on a Web page on the display screen of the display apparatus.

  Next, in step S314, the CPU 201 of the relay server 101 sets the level of transmission information and returns “transmission permitted” / “transmission disabled” (details are shown in FIG. 4).

  In step S315, the CPU 201 of the relay server 101 determines whether or not “transmission permitted” is set in the setting process in step S314. If it is determined that “transmission permitted” is set, that is, “yes” in step S315. In this case, the process proceeds to step S304.

  On the other hand, if it is determined in the setting process in step S314 that “transmission is impossible”, that is, if “no” in step S315, the CPU 201 of the relay server 101 advances the process to step S316.

  In step S <b> 316, the CPU 201 of the relay server 101 discards the HTTP packet data received by the relay server 101 and transmits an HTTP packet that instructs the client terminal apparatus 102 to display that the setting process has not been completed. When the client terminal apparatus 102 detects the reception of the HTTP data, the client terminal apparatus 102 displays warning information indicating that the setting process has not been completed on the Web page on the display screen of the display apparatus. Then, the CPU 201 of the relay server 101 ends the processing of this flowchart.

  Here, the process of step S314 will be described in detail with reference to the flowchart of FIG.

  FIG. 4 is a flowchart showing an example of a second control processing procedure according to the present invention, and corresponds to the transmission information level setting processing shown in step S314 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S401 to S404 indicate each step.

  First, in step S401, the CPU 201 of the relay server 101 determines whether or not the transmission information level setting by the user is permitted when an HTTP packet is sent to the first transmission destination. It is assumed that whether or not the transmission information level setting by the user is permitted is set in advance by the administrator and stored in the HDD 204.

  If it is determined in step S401 that the user is permitted to set the level of transmission information, that is, if “Yes” in step S401, the process proceeds to step S402.

  In step S <b> 402, the CPU 201 of the relay server 101 transmits an HTTP packet that instructs the client terminal apparatus 102 to display a screen that accepts an input of a transmission information level setting. Upon detecting reception of the HTTP data, the client terminal device 102 receives an input of transmission information level setting, and transmits an HTTP packet instructing new registration setting to the relay server 101 using the input value and a transmission destination URL. The relay server 101 receives this instruction, newly adds it to the transmission information level table (FIG. 11), and stores it in the HDD 204.

  Note that the transmission information level setting method in step S402 is selected from the existing definition levels “confidential”, “high”, “medium”, “low”, and “public”.

  Next, in step S403, the CPU 201 of the relay server 101 transmits the setting contents to the manager terminal device 107, enables transmission of the corresponding transmission information, and ends the processing of this flowchart.

  As for the new registration setting stored in the HDD 204 in step S402, an instruction to display each information on the screen of the display unit 209 and to delete it from the administrator terminal device 107 is requested by a request from the administrator terminal device 107. Then, the CPU 201 of the relay server 101 deletes the corresponding registration information from the transmission information level table.

  On the other hand, if it is determined in step S401 that the transmission information level setting by the user is not permitted, that is, if “No” in step S401, the CPU 201 of the relay server 101 proceeds to step S404 and performs undefined. The contents of the transmission information are transmitted to the manager terminal device 107, the corresponding transmission information is disabled, and the processing of this flowchart ends.

  Hereinafter, returning to the flowchart of FIG. 3, a case where the transmission destination is on the black list will be described.

  In this case, that is, if “Yes” in step S303, the CPU 201 of the relay server 101 advances the processing to step S306, and transmits an HTTP packet instructing warning display to the client terminal apparatus 102. When the client terminal apparatus 102 detects reception of HTTP data, the client terminal apparatus 102 displays warning information that is transmission to the blacklist destination on the display screen of the display apparatus.

  At this time, in step S307, the CPU 201 of the relay server 101 determines whether or not the setting for performing the reliability reevaluation is performed. It is assumed that the setting as to whether or not this reliability reevaluation is performed is made in advance by an administrator and stored in the HDD 204.

  If it is determined in step S307 that the setting for performing the reliability reevaluation has not been made, that is, if “no” in step S307, the process proceeds to step S316.

  On the other hand, if it is determined in step S307 that the setting to perform reliability reevaluation is made (initial setting), that is, if “Yes” in step S307, the process proceeds to step S308.

  In step S308, the CPU 201 of the relay server 101 performs the reliability evaluation process including the temporary reliability evaluation and the continuous reliability evaluation again (details are shown in FIG. 6). By this process, the transmission destination reliability value table (FIG. 10) is updated.

  Next, in step S309, the CPU 201 of the relay server 101 controls the black list and returns “transmission permitted” / “transmission disabled” (details are shown in FIG. 9).

  In step S310, the CPU 201 of the relay server 101 determines whether or not “transmission permitted” is determined as a result of the blacklist control in step S309, and if it is determined that “transmission is not permitted”, that is, in step S310. If “no”, the process proceeds to step S316.

  On the other hand, if it is determined in step S310 that the transmission is permitted as a result of the blacklist control in step S309, that is, if “Yes” in step S310, the CPU 201 of the relay server 101 receives the data of the received HTTP packet. And the process of this flowchart is terminated.

  Next, a description will be given of a case where the transmission destination URL is not in the black list but does not satisfy the reliability value required as the content of the information to be transmitted.

  In this case, that is, in the case of “No” in step S 305, in step S 311, the CPU 201 of the relay server 101 and the total reliability value (A) calculated in step S 304 and the total when the previous transmission is stored in the HDD 204. The relationship with the confidence value (B) is obtained. Here, the rate of change (1-B / A) is obtained, but the present invention is not limited to this, and any value may be used as long as it indicates a change in the total reliability value from the previous transmission. Then, the CPU 201 of the relay server 101 compares this result with the reliability value decrease determination reference value stored in the HDD 204, and when it is determined that the value exceeds the reference value, that is, in the case of “No” in step S311. Then, the process proceeds to step S316.

  On the other hand, if it is determined in step S311 that the rate of change (1-B / A) between the total confidence value (A) and the total confidence value (B) is equal to or less than the reference value, that is, if “yes” in step S311 The CPU 201 of the relay server 101 advances the process to step S312.

  In step S312, the CPU 201 of the relay server 101 executes blacklist registration processing, and then proceeds to step S316. Note that the processing in step S316 is as described above.

  Next, the processing in step S301 in FIG. 3 will be described in detail with reference to the flowchart in FIG.

  FIG. 5 is a flowchart showing an example of the third control processing procedure in the present invention, and corresponds to the transmission information indexing processing shown in step S301 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S501 to S503 indicate each step.

  First, in step S501, the CPU 201 of the relay server 101 analyzes the protocol being transmitted to extract a transmission destination (detection of transmission destination), and in step S502, extracts transmission information that is the main body of transmission data (step S502). Detection of transmission information).

  Next, in step S503, the CPU 201 of the relay server 101 tries to detect specific information such as a credit card number or personal information using a known technique such as pattern matching (number n digits, etc.) for transmission information. As a result, for the detected information type, the level is specified with reference to, for example, the transmission information level table shown in FIG. 11 in which the level is defined according to the importance of the transmission information (content) stored in the HDD 204. . Here, when a plurality of information types are detected, the one with the highest level is adopted. From these, the CPU 201 of the relay server 101 sets the transmission destination information and the transmission information level for each transmission information, and advances the process to step S302 in FIG. 3 which is the next process. FIG. 11 is a diagram showing an example of a transmission information level table used in the present invention.

  Next, the processing in step S304 in FIG. 3 or step S308 will be described in detail with reference to the flowcharts in FIGS.

  FIG. 6 is a flowchart showing an example of a fourth control processing procedure in the present invention, and corresponds to the reliability evaluation processing shown in steps S304 and S308 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S601 to S603 indicate each step.

  First, in step S601, the CPU 201 of the relay server 101 evaluates temporary reliability based on the reliability evaluation rule (FIG. 12), and stores the temporary reliability value in the RAM 202 or HDD 204 (step S601). S602).

  In step S603, the CPU 201 of the relay server 101 performs continuous reliability evaluation that evaluates the continuity of the reliability value from a plurality of continuous temporary reliability values, and calculates an overall reliability value (A).

  The reliability evaluation rule is stored in the HDD 204 as a reliability evaluation rule table determined by setting a corresponding level, basic reliability value, and adjustment width for each evaluation rule as shown in FIG. 12, for example. FIG. 12 is a diagram showing an example of the reliability evaluation rule used in the present invention.

  As shown in FIG. 12, the reliability evaluation rule table defines target information and judgment criteria for judgment, and is as follows, for example.

  There is a method for determining whether the certificate is a trustworthy certificate based on whether it is within the expiration date of the SSL server certificate. At this time, the target information is the expiration date of the SSL server certificate, Judgment criteria are “Today is within the expiration date”. In addition, there is a method for determining whether a certificate is certified by a trusted site. At this time, the target information is “certificate issuer”, and the determination criterion is “white list stored in HDD 204. ”

  There is a method for determining whether “easy encryption has been performed” by checking whether the encryption is not a low bit length in SSL encrypted communication, but at this time, the target information is “bit length” and the determination is made. The standard is “128 bits or more”. Further, there is a method for determining whether or not a low-strength encryption method (DES, etc.) is used. In this case, the target information is “encryption format”, and the determination criterion is “permission stored in HDD 204”. It is in the method list ”.

  There is a method of determining whether to try to send to something other than the intended URI / domain by using the redirect function or the like (without knowing it by the user) depending on whether the destination is being changed. The target information is “transmission destination” and the criterion is “other than URI / domain”. In addition, there is a method of determining whether the displayed content and the domain of the form transmission destination are different, but in this case, the target information is “transmission destination”, and the determination criterion is “no different domain” . As described above, the evaluation rules are determined and stored in the HDD 204 as a reliability evaluation rule table.

  The adjustment range is a value that is referred to when calculating the total confidence value from the continuous confidence value. Specifically, when the continuity is recognized in the confidence value, the confidence value is increased, for example, 105%. On the contrary, when continuity is not recognized, when the confidence value is decreased, for example, the maximum value is 50%. In other words, as with the general trend related to reliability, the increase is slowly increased and the decrease is greatly decreased, so that it is possible to cope with a sudden decrease in the reliability value. However, the above values are examples, and may be changed according to the use environment and the management level.

  Note that the temporary reliability evaluation process in step S601 is calculated based on the evaluation rule corresponding to the level determined from the contents included in the transmission information. For example, the process of the flowchart shown in FIG. Correspond.

  FIG. 7 is a flowchart showing an example of a fifth control processing procedure in the present invention, and corresponds to the temporary reliability evaluation processing shown in step S601 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S701 to S706 indicate steps.

  First, in step S701, the CPU 201 of the relay server 101 sets the temporary reliability value to “0” as an initialization process, and in step S702, transmits the result of the transmission information indexing process in step S301 shown in FIG. The destination and the transmission information level are stored in the RAM 202.

  Next, in step S703, the CPU 201 of the relay server 101 refers to the reliability evaluation rule table stored in the HDD 204, and extracts an evaluation rule corresponding to each transmission information level stored in step S702 (an evaluation rule list is stored). Take out). For example, when the transmission information level stored in step S702 is “low”, in the example shown in FIG. 12, the evaluation rule “whether an application other than the intended application intends to transmit” is extracted. When the transmission information level is “medium”, the fourth to seventh evaluation rules are extracted in the example shown in FIG. If the transmission information level is “high” or “confidential”, all the evaluation rules are extracted in the example shown in FIG. If the transmission information level is “public”, the evaluation rule is not extracted in the example shown in FIG.

  Next, in step S704, the CPU 201 of the relay server 101 sets one evaluation rule from the evaluation rules extracted in step S703 as a processing target, and determines whether the transmission destination stored in step S702 matches the processing target evaluation rule. To do.

  If it is determined in step S704 that the transmission destination matches the evaluation rule to be processed, that is, if “Yes” in step S704, the CPU 201 of the relay server 101 sets the basic trust value as the temporary trust value in step S705. And the data in the RAM 202 are updated together with the time information and the transmission destination information, and the process proceeds to step S706.

  On the other hand, if it is determined in step S704 that the transmission destination does not match the evaluation rule to be processed, that is, if “NO” in step S704, the CPU 201 of the relay server 101 proceeds to step S706. If it is determined in step S706 that all evaluation rules have been processed, and it is determined that all evaluation rules have not yet been processed, that is, if "no" in step S706, the CPU 201 of the relay server 101 determines in step S704. Return processing to.

  On the other hand, if it is determined that all the evaluation rules have been processed, that is, if “Yes” in step S706, the CPU 201 of the relay server 101 ends the processing of this flowchart.

  For the continuous reliability evaluation process in step S603 of FIG. 6, the continuous reliability value is calculated so as to obtain a tendency of the reliability value in an arbitrary time period continuous from the current time to the past, For example, this corresponds to the processing of the flowchart shown in FIG.

  FIG. 8 is a flowchart showing an example of the sixth control processing procedure in the present invention, and corresponds to the continuous reliability evaluation processing shown in step S603 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S801 to S806 indicate steps.

  First, in step S801, the CPU 201 of the relay server 101 uses the temporary reliability value T (n) recorded in the RAM 202 in step S602 of FIG. 6 and T (n−1) read from the transmission destination reliability value table of the HDD 204. First, the difference d (n) in the temporary reliability value is obtained by Expression (1) shown in FIG.

  Next, the continuous confidence value C (n) is obtained by Expression (2) shown in FIG.

  Here, T (0) is a temporary reliability value of the current time, and W (k) is a variable representing a duration weight defined so as to increase the element of d (k) as it is closer to the current time. Therefore, it is stored in the HDD 204 in advance.

  Next, in step S <b> 802, the CPU 201 of the relay server 101 determines the previous continuous reliability value C (n) from the continuous reliability value C (n) calculated in step S <b> 801 and the transmission destination reliability value table stored in the HDD 204. -1).

  In step S803, the CPU 201 of the relay server 101 determines whether or not the continuous reliability value C (n) is increased or equivalent to the previous C (n−1) based on the comparison result in step S802. judge.

  If it is determined in step S803 that the continuous confidence value C (n) is increased or equivalent to the previous C (n−1), that is, if “Yes” in step S803, the CPU 201 of the relay server 101 Then, the process proceeds to step S804, and the value of the adjustment width is set (103-107%).

  On the other hand, if it is determined in step S803 that the continuous confidence value C (n) has decreased compared to the previous C (n−1), that is, if “NO” in step S803, the CPU 201 of the relay server 101 The process advances to step S805 to set an adjustment width value (50-95%).

  Each adjustment width set in step S804 or step S805 may be an adjustment width read from the transmission destination reliability value table stored in the HDD 204, or may be temporarily set for the matching evaluation rule m. A function for determining and calculating the ratio of each adjustment width A (m) in accordance with the ratio B (m) / T (n) of each basic confidence value B (m) to the overall confidence value T (n) (FIG. 14). (3)) may be used.

  In step S806, the CPU 201 of the relay server 101 uses the continuous confidence value calculated in step S801 and the adjustment width set in step S804 or step S805 to calculate “continuous reliability value × adjustment width”. Then, the final continuous reliability value is calculated and used as the total reliability value, and the continuous reliability value data in the transmission destination reliability value table stored in the RAM 202 or the HDD 204 is updated.

  Next, the black list control processing in step S309 in FIG. 3 will be described using, for example, the flowchart shown in FIG.

  FIG. 9 is a flowchart showing an example of the seventh control processing procedure in the present invention, and corresponds to the black list control processing in step S309 of FIG. Note that programs and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are stored in the HDD 204, which are loaded into the RAM 202 according to the control of the CPU 201, and are processed by the CPU 201 using the loaded programs and data. By performing the above, the relay server 101 executes each process described below. In the figure, S901 to S906 indicate each step.

  First, in step S901, the CPU 201 of the relay server 101 reads the total confidence value stored in the RAM 202 in step S308 in FIG. 3, and compares the total confidence value with the blacklist deletion reference value stored in the HDD 204 in step S902. Then, it is determined whether or not the overall reliability value exceeds the standard.

  If it is determined in step S902 that the total confidence value is lower than the reference, that is, if “NO” in step S902, the CPU 201 of the relay server 101 sets “transmission impossible” as it is and ends the processing of this flowchart. To do.

  On the other hand, if it is determined in step S902 that the total reliability value exceeds the reference, that is, if “Yes” in step S902, the CPU 201 of the relay server 101 advances the process to step S903.

  In step S <b> 903, the CPU 201 of the relay server 101 determines whether or not deletion authority from the black list is permitted in the black list management table stored in the HDD 204. It is assumed that “permission” / “non-permission” of the authority to delete from the black list is set in advance by the administrator and stored in the HDD 204.

  If it is determined in step S903 that the right to delete from the black list is not permitted, that is, if “NO” in step S903, the CPU 201 of the relay server 101 proceeds to step S904, and the black in the HDD 204 exists. The corresponding transmission destination information is registered in the list removal candidate table, “transmission is impossible”, and the processing of this flowchart ends.

  On the other hand, if it is determined in step S903 that the right to delete from the black list is permitted, that is, if “Yes” in step S903, the CPU 201 of the relay server 101 proceeds to step S905, and the black list is processed. Delete (remove) the corresponding destination information from the management table.

  Next, in step S906, the CPU 201 of the relay server 101 transmits the removal information in step S905 to the manager terminal device 107, displays it (notifies the manager), and sets it as “transmittable”. Exit.

  For the blacklist removal candidate table stored in the HDD 204 in step S904, if an instruction to display or delete each piece of information on the screen of the display unit 209 is requested by a request from the administrator terminal device 107, The CPU 201 of the relay server 101 deletes corresponding transmission destination information from the black list management table and also deletes it from the black list removal candidate table.

  As for the black list management table stored in the HDD 204, each information is displayed on the screen of the display unit 209 or added or deleted according to a request from the administrator terminal device 107 as shown in the prior art. When an instruction is requested, the corresponding transmission destination information is added or deleted from the black list management table.

  In order for the administrator to appropriately perform the above work, the CPU 201 of the relay server 101 transmits each piece of information in response to a request from the administrator terminal device 107 for information in the transmission destination reliability table stored in the HDD 204. Displayed in the form of a list on the screen of the display unit 209 of the administrator terminal 107, or, as shown in FIG. 13, the time series data of temporary reliability values, continuous reliability values, and total reliability values for each transmission destination is a broken line. It can be displayed in a graph format.

  FIG. 13 shows the time series data of the temporary reliability value, the continuous reliability value, and the total reliability value of a certain transmission destination on the display unit of the manager terminal device 107 based on the transmission destination reliability value table shown in FIG. It is a figure which shows the example displayed in the line graph format.

  In the above description, the relay server 101 monitors communication data between the client terminal devices 102a and 102b and the Web server 105. However, the present invention is not limited to this, and the client terminal It may be performed by the device 102. In other words, the client terminal device 102 may be configured to monitor the information transmitted to the Web server 105 by itself.

  As described above, a blacklist that matches the actual situation is obtained by evaluating the temporary reliability of each Web page (transmission destination) according to the level of communication information and then evaluating the continuous reliability. And the white list can be managed while reducing the burden on the administrator, and the result can be used to restrict access and prevent leakage of information unintended by the user.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  The configuration of a data processing program that can be read by the information processing apparatus (relay server 101) according to the present invention will be described below with reference to the memory map shown in FIG.

  FIG. 15 is a diagram illustrating a memory map of a recording medium (storage medium) that stores various data processing programs readable by the information processing apparatus (relay server 101) according to the present invention.

  Although not specifically shown, information for managing a program group stored in the recording medium, for example, version information, creator, etc. is also stored, and information depending on the OS on the program reading side, for example, a program is identified and displayed. Icons may also be stored.

  Further, data depending on various programs is also managed in the directory. In addition, when a program or data to be installed is compressed, a program to be decompressed may be stored.

  The functions shown in FIGS. 3, 4, 5, 6, 7, 8, and 9 in this embodiment may be performed by a host computer by a program installed from the outside. In this case, the present invention is applied even when an information group including a program is supplied to the output device from a recording medium such as a CD-ROM, a flash memory, or an FD, or from an external recording medium via a network. Is.

  As described above, a recording medium in which a program code of software for realizing the functions of the above-described embodiments is recorded is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus is stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by reading and executing the program code.

  In this case, the program code itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program code constitutes the present invention.

  As a recording medium for supplying the program code, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, A silicon disk or the like can be used.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) or the like running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written in a memory provided in a function expansion board inserted in the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the case where the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program represented by software for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading out a program represented by software for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. It becomes.

  In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

DESCRIPTION OF SYMBOLS 101 Relay server 102 Client terminal device 103 Network 104 Mail server 105 Web server 106 Wide area network 107 Administrator terminal device 201 CPU
202 RAM
203 ROM
204 HDD
206 Storage medium drive 209 Display unit

Claims (7)

In a communication data monitoring apparatus that monitors data communicated between a client terminal and a Web server that is a data transmission destination,
Multiple reliability evaluation rules for evaluating the reliability of the transmission destination of data transmitted from the client terminal, and importance for determining which reliability evaluation rule to use among the plurality of reliability evaluation rules A reliability evaluation rule storage means for storing the level;
Transmission information level storage means for storing definition information in which an importance level is defined for each information type for classifying information included in data transmitted from the client terminal;
Information type detection means for detecting information classified into the information type from data transmitted from the client terminal;
Based on the definition information stored in the transmission information level storage means, transmission information level determination means for determining the importance level of the data from the information type of the information detected by the information type detection means;
In accordance with the importance level determined by the transmission information level determination means, the reliability evaluation rules to be used for the reliability evaluation of the transmission destination are a plurality of reliability evaluation rules stored in the reliability evaluation rule storage means. A reliability evaluation rule determination means determined from
Temporary reliability value calculating means for calculating a temporary reliability value of the transmission destination of the data transmitted from the client terminal according to the reliability evaluation rule determined by the reliability evaluation rule determining means;
Determining means for determining whether to permit transmission of the data based on the temporary reliability value of the destination calculated by the temporary reliability value calculating means;
A transmission control unit that transmits the data when the determination unit determines to permit the transmission of the data; and a transmission control unit that interrupts the transmission of the data when the determination unit determines not to permit the transmission of the data; ,
A communication data monitoring apparatus comprising: The communication data monitoring device further includes:
Temporary reliability value storage means for storing the temporary reliability value of the transmission destination calculated by the reliability value calculation means in time series for each transmission destination;
Continuous reliability evaluation means for calculating a continuous reliability value of the destination based on a time-series temporary reliability value stored in the temporary reliability value storage means;
Considering the time series change of the continuous reliability value calculated by the continuous reliability evaluation means, total reliability evaluation means for calculating the total reliability value of the transmission destination;
With
The determining means determines whether or not to permit transmission of the data by determining whether or not the total reliability value calculated by the total reliability evaluation means satisfies a predetermined criterion. The communication data monitoring apparatus according to claim 1, wherein:   The continuous reliability evaluation unit calculates a continuous reliability value from a value obtained by weighting the time series temporary reliability value stored in the temporary reliability value storage unit differently in time series. The communication data monitoring apparatus according to claim 2. The communication data monitoring device further includes:
According to the determination by the determination means, transmission permission / inhibition information storage means for storing transmission permission / inhibition information defining permission or / and disabling of data transmission for each transmission destination;
Transmission availability information updating means for adding or / and updating the transmission availability information in consideration of a time-series change in the overall reliability value calculated by the overall reliability evaluation means;
The communication data monitoring apparatus according to claim 2, further comprising: The communication data monitoring device further includes:
5. The apparatus according to claim 2, further comprising a reliability value display unit that displays any one or more of a temporary reliability value, a continuous reliability value, and an overall reliability value in time series. The communication data monitoring device described. A plurality of reliability evaluation rules for monitoring data communicated between a client terminal and a Web server that is a data transmission destination, and evaluating the reliability of the data transmission destination, and information included in the data Communication data monitoring method of a communication data monitoring device storing definition information in which an importance level for determining which reliability evaluation rule to use is determined for each information type for classifying Because
An information type detection unit for detecting information classified into the information type from data transmitted from the client terminal;
Based on the definition information in which the importance level is defined for each information type, the transmission information level determination means determines the importance level of the data from the information type of the information detected by the information type detection means in the information type detection step. A transmission information level determination step for determining
Reliability for determining the reliability evaluation rule to be used for reliability evaluation of the destination according to the importance level determined by the transmission information level determining means in the transmission information level determining step in the reliability evaluation rule determining means An evaluation rule determination step;
Temporary reliability value calculation means is a temporary reliability value of the destination of the data transmitted from the client terminal according to the reliability evaluation rule determined by the reliability evaluation rule determination means in the reliability evaluation rule determination step A temporary confidence value calculating step for calculating
A determination step for determining whether to permit transmission of the data based on the temporary reliability value of the destination calculated by the temporary reliability value calculation unit in the temporary reliability value calculation step;
The transmission control means transmits the data when the determination means determines that the transmission of the data is permitted by the determination means, and when the determination means determines that the transmission of the data is not permitted, the data A transmission control step for interrupting transmission of
A communication data monitoring method comprising: A program that can be executed by a communication data monitoring apparatus that monitors data communicated between a client terminal and a Web server that is a data transmission destination,
The communication data monitoring device;
Multiple reliability evaluation rules for evaluating the reliability of the transmission destination of data transmitted from the client terminal, and importance for determining which reliability evaluation rule to use among the plurality of reliability evaluation rules A reliability evaluation rule storage means for storing the level;
Transmission information level storage means for storing definition information in which an importance level is defined for each information type for classifying information included in data transmitted from the client terminal;
Information type detection means for detecting information classified into the information type from data transmitted from the client terminal;
Based on the definition information stored in the transmission information level storage means, transmission information level determination means for determining the importance level of the data from the information type of the information detected by the information type detection means;
In accordance with the importance level determined by the transmission information level determination means, the reliability evaluation rules to be used for the reliability evaluation of the transmission destination are a plurality of reliability evaluation rules stored in the reliability evaluation rule storage means. A reliability evaluation rule determination means determined from
Temporary reliability value calculating means for calculating a temporary reliability value of the transmission destination of the data transmitted from the client terminal according to the reliability evaluation rule determined by the reliability evaluation rule determining means;
Determining means for determining whether to permit transmission of the data based on the temporary reliability value of the destination calculated by the temporary reliability value calculating means;
Transmission control means for transmitting the data when the determination means determines to permit transmission of the data, and as transmission control means for interrupting transmission of the data when the determination means determines not to permit transmission of the data A program to make it work.

Images