摘要 |
The disclosed technology relates to a technology for detecting reverse access traffic from the outside of a network through behavior based analysis in a network security apparatus. A delay time based reverse access detecting system according to the disclosed technology comprises: a packet collecting unit for collecting packets transmitted and received between a client and a server; a session management unit for classifying the packets in respective sessions by analyzing the packets collected in the packet collecting unit; a delay time analysis unit for calculating the client delay time and the server delay time based on time in which an inbound packet and an outbound packet are transmitted and received in the respective sessions; and a detecting unit for detecting the reverse access traffic by comparing the reverse access traffic with the stored rules based on the client delay time and the server delay time. |