US-20260129078-A1 - PRIORITY DETERMINATION SYSTEM AND PRIORITY DETERMINATION METHOD
Abstract
A priority determination system includes: an obtainer that obtains vulnerability information concerning a vulnerability of a monitoring target; an inquiry component that obtains, based on the vulnerability information, configuration information indicating a configuration of a honeypot and observation information from observation performed by the honeypot; an analysis determiner that determines a priority of response to the vulnerability by analyzing the configuration information and the observation information; and an outputter that outputs a result of the determination performed by the analysis determiner.
Inventors
- Shoichiro SEKIYA
- Yuishi Torisaki
- Ryo Watanabe
- Tomoyuki Haga
Assignees
- PANASONIC AUTOMOTIVE SYSTEMS CO., LTD.
Dates
- Publication Date: 20260507
- Application Date: 20251001
- Priority Date: 20241101
Claims (10)
- 1. A priority determination system comprising: a vulnerability information obtainer that obtains vulnerability information concerning a vulnerability of a monitoring target; a honeypot information obtainer that obtains, based on the vulnerability information, configuration information indicating a configuration of a honeypot and observation information obtained from observation performed by the honeypot; an analysis determiner that determines a priority of response to the vulnerability by analyzing the configuration information and the observation information; and an outputter that outputs a result of the determination performed by the analysis determiner.
- 2. The priority determination system according to claim 1, wherein the honeypot information obtainer determines, based on the vulnerability information, whether the observation information is obtainable, and obtains the configuration information and the observation information when the observation information is determined to be obtainable.
- 3. The priority determination system according to claim 2, further comprising: an analyzer that analyzes the vulnerability information, wherein the analyzer extracts identification information for identifying the honeypot related to the vulnerability from the vulnerability information, and when the identification information is extracted, the honeypot information obtainer determines that the observation information is obtainable.
- 4. The priority determination system according to claim 3, wherein the configuration information is stored in the honeypot, and the honeypot information obtainer obtains the configuration information from the honeypot identified based on the identification information.
- 5. The priority determination system according to claim 3, wherein the honeypot information obtainer obtains, from a management device managing the honeypot, the configuration information of the honeypot identified based on the identification information.
- 6. The priority determination system according to claim 3, wherein the configuration information is stored in a storage included in the priority determination system, and the honeypot information obtainer obtains, from the storage, the configuration information including the identification information.
- 7. The priority determination system according to claim 1, wherein the configuration information includes a name of software included in the honeypot, a port number used by the software, a name of a service operating on the honeypot, geographic information of the honeypot, or an attribute of the honeypot.
- 8. The priority determination system according to claim 1, wherein the analysis determiner determines that a response priority to the vulnerability is high when communication traffic is determined to be increasing in the observation information, the communication traffic being generated by an attack presumed to be attributable to the vulnerability.
- 9. The priority determination system according to claim 1, wherein the honeypot information obtainer further obtains an analysis result from analysis performed on the vulnerability by a security monitoring and analysis system, and the analysis determiner analyzes the configuration information, the observation information, and the analysis result and determines the priority of response to the vulnerability.
- 10. A priority determination method comprising: obtaining vulnerability information concerning a vulnerability of a monitoring target; obtaining, based on the vulnerability information, configuration information indicating a configuration of a honeypot and observation information obtained from observation performed by the honeypot; determining a priority of response to the vulnerability by analyzing the configuration information and the observation information; and outputting a result of the determination performed in the determining.
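The flow in claims 1, 3, 7 and 8, sketched as an added example that is not part of the patent text: honeypots are selected by matching their configuration against the vulnerability information, and the priority is high when their combined traffic is rising. Assumptions made here: matching is an exact comparison of software name and port, "increasing" is a least-squares slope of at least `min_slope` events per day, the labels `normal` and `undetermined` are invented for the example, and all identifiers and counts are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Honeypot:            # configuration information (fields from claim 7)
    honeypot_id: str
    software: str
    port: int
    region: str

@dataclass(frozen=True)
class VulnInfo:            # vulnerability information for the monitoring target
    vuln_id: str           # constructed placeholder, not a real identifier
    software: str
    port: int

def select_honeypots(vuln, honeypots):
    """Honeypots whose configuration matches the affected software and port.
    An empty result means no observation information is obtainable."""
    return [h for h in honeypots
            if h.software.lower() == vuln.software.lower() and h.port == vuln.port]

def trend_slope(counts):
    """Least-squares slope of per-day event counts (assumed trend measure)."""
    n = len(counts)
    if n < 2:
        return 0.0
    x_mean, y_mean = (n - 1) / 2, sum(counts) / n
    num = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(counts))
    den = sum((x - x_mean) ** 2 for x in range(n))
    return num / den

def determine_priority(vuln, honeypots, observations, min_slope=1.0):
    """Return 'high' when matched honeypots see rising traffic (claim 8).
    'normal' and 'undetermined' are labels assumed for this example."""
    matched = select_honeypots(vuln, honeypots)
    series = [observations[h.honeypot_id] for h in matched
              if h.honeypot_id in observations]
    if not series:
        return "undetermined"
    totals = [sum(day) for day in zip(*series)]   # aligned daily totals
    return "high" if trend_slope(totals) >= min_slope else "normal"

# Constructed sample data: three honeypots, seven days of event counts each.
HONEYPOTS = [Honeypot("hp-01", "examplehttpd", 8080, "JP"),
             Honeypot("hp-02", "examplesshd", 22, "JP"),
             Honeypot("hp-03", "ExampleHTTPd", 8080, "DE")]
OBSERVATIONS = {"hp-01": [2, 3, 5, 9, 14, 22, 31],
                "hp-02": [40, 38, 41, 39, 40, 42, 39],
                "hp-03": [1, 1, 2, 4, 6, 9, 15]}
```

A steady but high baseline, as on `hp-02`, does not raise the priority under this rule; only growth does, which matches the wording of claim 8.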
Description
CROSS REFERENCE TO RELATED APPLICATION
The present application is based on and claims priority of Japanese Patent Application No. 2024-193032 filed on November 01, 2024.
FIELD
The present disclosure relates to a priority determination system and a priority determination method for determining the priority of response to a vulnerability of a monitoring target.
BACKGROUND
Patent Literature (PTL) 1 discloses a technique for determining the priority of response to a cyberattack using honeypot observation information.
Citation List
Patent Literature
PTL 1: Japanese Patent No. 7311354
SUMMARY
The system disclosed in PTL 1 can be improved upon. Therefore, the present disclosure provides a priority determination system and the like capable of improving upon the above related art.
A priority determination system according to the present disclosure includes: a vulnerability information obtainer that obtains vulnerability information concerning a vulnerability of a monitoring target; a honeypot information obtainer that obtains, based on the vulnerability information, configuration information indicating a configuration of a honeypot and observation information obtained from observation performed by the honeypot; an analysis determiner that determines a priority of response to the vulnerability by analyzing the configuration information and the observation information; and an outputter that outputs a result of the determination performed by the analysis determiner.
A priority determination method according to the present disclosure includes: obtaining vulnerability information concerning a vulnerability of a monitoring target; obtaining, based on the vulnerability information, configuration information indicating a configuration of a honeypot and observation information obtained from observation performed by the honeypot; determining a priority of response to the vulnerability by analyzing the configuration information and the observation information; and outputting a result of the determination performed in the determining.
Note that these comprehensive or specific aspects may be implemented by a system, method, integrated circuit, computer program, or recording medium such as a computer-readable compact disc read-only memory (CD-ROM), or by any combination of the system, method, integrated circuit, computer program, and recording medium.
According to the priority determination system and the like in one aspect of the present disclosure, it is possible to improve upon the above related art.
BRIEF DESCRIPTION OF DRAWINGS
These and other advantages and features of the present disclosure will become apparent from the following description thereof taken in conjunction with the accompanying drawings that illustrate a specific embodiment of the present disclosure.
FIG. 1 is a block diagram illustrating an example of a priority determination system according to an embodiment.
FIG. 2 is a flowchart illustrating an example of the operation of the priority determination system according to the embodiment.
FIG. 3 is a diagram illustrating an example of an analysis method for a trend of attacks targeting a vulnerability of a monitoring target.
FIG. 4 is a diagram illustrating another example of the analysis method for a trend of attacks targeting a vulnerability of a monitoring target.
DESCRIPTION OF EMBODIMENTS
Honeypots corresponding to various services exist, and in the technique disclosed in PTL 1, it is difficult to identify a honeypot that observes an attack targeting a vulnerability of a monitoring target and to obtain observation information of such a honeypot. For this reason, there is a case where an attack targeting a vulnerability of a monitoring target cannot be analyzed, which makes it difficult to determine the priority of response to the vulnerability of the monitoring target.
Hereinafter, description is provided on a priority determination system and a priority determination method that can obtain observation information of a honeypot that observes an attack targeting a vulnerability of a monitoring target and can determine the priority of response to the vulnerability of the monitoring target.
Embodiments will be specifically described below with reference to the drawings.
Note that the embodiments described below show comprehensive or specific examples. The numerical values, shapes, materials, components, arrangement positions and connection forms of components, steps, order of steps, and the like shown in the following embodiments are examples and are not intended to limit the present disclosure.
Embodiment
A priority determination system according to an embodiment will be described below.
FIG. 1 is a block diagram illustrating an example of priority determination system 10 according to the embodiment. In addition to priority determination system 10, FIG. 1 illustrates a vulnerability notification system that notifies a discovered vulnerability, a terminal operated by a person in charge of responding to vulne