Abstract
The present invention provides a method and a system for providing detection rules in a network security system. The method comprises the following processes: generating a traffic analysis-based detection rule for a packet taken from a queue received through a network interface, together with a regular expression rule related to that detection rule; performing attack correlation analysis-based verification to prevent erroneous detection by the policy corresponding to the generated detection rule, and verifying the generated regular expression rule through pattern matching against a rule predefined in a policy verifying unit; converting the policy corresponding to the generated detection rule into a heterogeneous rule based on the verified regular expression rule; sequentially processing the policy based on the generated detection rule according to a detection rule management flow preset per layer in a layered network, and distributing the processed policy to a plurality of security devices through an agent classified and supported by attack pattern; and reporting a detection rule-based policy application result generated by comparing a policy information hash value per security device, prestored and hashed by a policy control server, with a hash value obtained by collecting the policy application result from each security device.
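The two verification steps of the abstract, checking a regular expression rule before it is accepted into a policy and confirming policy application by comparing a prestored per-device hash against a hash of what each device reports, as an added illustration that is not part of the patent text. The policy format, the SHA-256 over canonical JSON, and the sample rules are constructed assumptions; the abstract specifies none of them.

```python
import hashlib
import json
import re

# Constructed sample policy: a detection rule plus its derived regular-expression
# rule, keyed by the security device that should apply it (not from the patent).
DISTRIBUTED_POLICY = {
    "ids-01": [
        {"rule_id": "R-1001", "proto": "tcp", "dst_port": 80, "regex": r"(?i)union\s+select"},
        {"rule_id": "R-1002", "proto": "tcp", "dst_port": 22, "regex": r"^SSH-2\.0-.*libssh"},
    ],
    "waf-01": [
        {"rule_id": "R-1001", "proto": "tcp", "dst_port": 80, "regex": r"(?i)union\s+select"},
    ],
}

def verify_regex_rule(rule):
    """Policy-verifying step: accept a regex rule only if it compiles and is not a
    catch-all that matches the empty payload (which would fire on every packet)."""
    try:
        compiled = re.compile(rule["regex"])
    except re.error:
        return False
    return compiled.search("") is None

def policy_hash(rules):
    """Canonical hash of one device's policy: rules sorted by id, keys sorted,
    compact separators, so ordering differences never change the hash."""
    canonical = json.dumps(sorted(rules, key=lambda r: r["rule_id"]),
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def expected_hashes(policy_by_device):
    """What the policy control server prestores before distribution."""
    return {dev: policy_hash(rules) for dev, rules in policy_by_device.items()}

def application_report(expected, collected):
    """Compare each device's stored hash with the hash of the rules it reports
    as applied; a missing or differing result is reported, not silently accepted."""
    report = {}
    for dev, stored in expected.items():
        applied = collected.get(dev)
        if applied is None:
            report[dev] = "no result collected"
        elif policy_hash(applied) == stored:
            report[dev] = "applied"
        else:
            report[dev] = "mismatch"
    return report
```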