METHOD FOR DETECTING INTRUSION IN NETWORK

摘要

An embodiment of the present invention relates to a method for detecting attack data in a system which combines a plurality of nodes transmitting/receiving data, a network comprising of a switch relaying flow transmitting/receiving between the nodes and an intrusion detection system (IDS). The method comprises the steps of: installing an SDN supporting switch for network flow sampling and connecting to an SDN controller; figuring out the number of network flows and switches through the SDN controller; drawing a sampling ratio of each of the SDN supporting switches; allowing the switches to transmit packet information as much as the sampling ratio to the IDS; and allowing the IDS to determine malicious data according to the packet information, and updating a sampling ratio with respect to each of the SDN supporting switches. Therefore, by installing a switch supporting SDN on the existing network and connecting to the SDN controller, the embodiment can examine whether there is attack data in the entire network traffic in an IDS implemented in a specific location, thereby effectively monitoring networks.