Security server monitoring device and load distribution system

Abstract

A security server monitoring device is provided that performs quick redistribution of loads when a server load increases due to virus infections. A security server performs a virus check on data flowing through a network, thus statistical data relating to detected viruses can be obtained. For example, future communication traffic and increases and decreases in server loads are predicted using statistical information such as the number of virus infections (number of virus infections per unit of time), and on the basis of this prediction, a security server allocated to a path is quickly changed from a security server in which a high load is predicted to a security server with a comparably low load.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a drawing showing an entire structure of a network;

FIGS. 2A to 2C are drawings showing block structures of a security server 10, a security server monitoring device 100 and a security gateway;

FIG. 3 is a drawing showing virus check result data in the security server 10;

FIGS. 4A and 4B are drawings showing an example of statistical information accumulated in the security server 10; and

FIG. 5 is a drawing showing a flowchart of the processing performed in the security server monitoring device 100.

Claims

1. A security server monitoring device for monitoring the load on a first security server which is allocated to a path in a network and which checks for computer viruses included in data flowing through the path, the security server monitoring device comprising: a gathering unit for gathering statistical information, from the first security server, relating to computer viruses in the first security server;a determination unit for determining whether a load condition of the first security server exceeds a first load level on the basis of the statistical information relating to the first security server; andan allocation unit for allocating a second security server to the path in place of the first security server when the determination unit determines that the load condition of the first security server exceeds the first load level.

2. The security server monitoring device according to claim 1, wherein the gathering unit gathers statistical information relating to the second security server,the determination unit determines whether the load condition of the second security server is less than a second load level on the basis of statistical information relating to the second security server, when the determination unit determines that the load condition of the first security server exceeds a fixed load level, andwhen the determination unit has determined that the load condition of the second security server is less than the second load level, the allocation unit selects the second security server from among a plurality of security servers which are not the first security server, and allocates the second security server to the path.

3. The security server monitoring device according to claim 1, wherein the allocation unit allocates the second security server to a portion of a plurality of paths to which the first security server is allocated.

4. The security server monitoring device according to claim 3, wherein the allocation unit selects the portion of the paths on the basis of the number of subscribers accommodated in each path or on the basis of the communication volume of each path.

5. The security server monitoring device according to claim 3, wherein the allocation unit selects the portion of the paths on the basis of the network link costs for each path to the second security server.

6. The security server monitoring device according to claim 1, wherein the gathering unit gathers load information relating to the first security server from the first security server, andthe determination unit determines whether the load condition of the first security server exceeds the first load level on the basis of the statistical information and the load information relating to the first security server.

7. The security server monitoring according to claim 2, wherein the gathering unit gathers load information relating to the second security server from the second security server, and the determination unit determines the load condition of the second security server on the basis of the statistical information and the load information relating to the second security server.

8. The security server monitoring device according claim 1, wherein the statistical information includes information relating to the number or rate of computer virus infections detected in a unit of time.

9. The security server monitoring device according to claim 8, wherein the statistical information includes information relating to the infection levels or the degree of danger of the detected computer viruses.

10. A load distribution system having: a first security server which is allocated to a path in a network and which checks for computer viruses included in data flowing through the path; and a security server monitoring device which monitors the load of the first security server, wherein the first security server comprises:a generating unit for generating statistical information relating to computer viruses on the basis of a computer virus check result;a first determination unit for determining whether the load condition of the first security server exceeds a first load level on the basis of statistical information relating to the first security server; anda notification unit for notifying the security server monitoring device of the determination result when the first determination unit determines that the load condition of the first security server exceeds the first load level, andthe security server monitoring device comprises:a receiving unit for receiving the determination result from the notification unit; andan allocation unit for allocating a second security server to the path in place of the first security server when the determination result is received.

11. The load distribution system according to claim 10, wherein the security server device comprises: a gathering unit for gathering statistical information relating to the second security server on the basis of the determination result received by the receiving unit; anda second determination unit for determining whether the load condition of the second security server is less than a second load level on the basis the statistical information relating to the second security server, andwhen the second determination unit determines that the load condition of the second security server is less than the second load level, the allocation unit selects the second security server from among a plurality of security servers which are not the first security server, and allocates the second security server to the path.

12. The load distribution system according to claim 10, wherein the allocation unit allocates the second security server to a portion of a plurality of paths allocated to the first security server.

13. The load distribution system according to claim 12, wherein the allocation unit selects the portion of the paths on the basis of the number of subscribers accommodated in each path or on the basis of the communication volume of each path.

14. The load distribution system according to claim 12, wherein the allocation unit selects the portion of the paths on the basis of the network link costs for each path to the second security server.

15. The load distribution system according to claim 10, wherein the generating unit generates load information relating to the first security server, andthe first determination unit determines whether the load condition of the first security server exceeds the first load level on the basis of the statistical information and the load information relating to the first security server.

16. The load distribution system according to claim 11, wherein the gathering unit gathers load information relating to the second security server from the second security server, andthe second determination unit determines whether the load condition of the second security server is less than the second load level on the basis of the statistical information and the load information relating to the second security server.

17. The load distribution system according to claim 10, wherein the statistical information includes information relating to the number or rate of computer virus infections detected in a unit of time.

18. The load distribution system according to claim 17, wherein the statistical information includes information relating to the infection levels or the degree of danger of the detected computer viruses.