METHOD AND SYSTEM FOR NETWORK CONNECTION-CHAIN TRACEBACK USING NETWORK FLOW DATA

摘要

The present invention is to provide a method and a system for back-tracking a network connection chain by using network flow data to track an attack source for a cyber hacking attack which is via several sites without additional new equipment of networks or correction of a standard protocol when the cyber hacking attack occurs in the Internet and inner networks. According to the present invention, the method comprises the following steps: searching a network session to generate finger printing information in which a corresponding source address is replaced by the tracking address; and generating an attack connection chain list in which an ID for the corresponding network session is further added to an ID for a previous network session.