| 发明名称 | Method and system for providing network monitoring, security event collection apparatus and service abnormality detection apparatus for network monitoring | ||
| 摘要 | A network monitoring system includes: a traffic information generating apparatus for generating traffic information. Further, the network monitoring system includes a security event collecting apparatus for collecting the traffic information generated by the traffic information generating apparatus by referring to pre-stored traffic information, grouping the collected traffic information, and then extracting service information. Furthermore, the network monitoring system includes a service abnormal condition detecting apparatus for detecting a port number of a transport layer of service information extracted from the security event collecting apparatus and the occurrence frequency of the transport layer, determining the continuity of the port number and the uniformity of the occurrence frequency, and displaying a service abnormal condition. | ||
| 申请公布号 | US8775613(B2) | 申请公布日期 | 2014.07.08 |
| 申请号 | US201113272687 | 申请日期 | 2011.10.13 |
| 申请人 | Electronics and Telecommunications Research Institute | 发明人 | Chang Beom Hwan;Jeong Chi Yoon;Sohn Seon-Gyoung |
| 分类号 | G06F15/173 | 主分类号 | G06F15/173 |
| 代理机构 | Ladas & Parry LLP | 代理人 | Ladas & Parry LLP |
| 主权项 | 1. A network monitoring system, the system comprising: a traffic information generating apparatus stored in a memory and executed by a processor for generating traffic information; a security event collecting apparatus stored in the memory and executed by the processor for collecting the traffic information generated by the traffic information generating apparatus by referring to pre-stored traffic information, grouping the collected traffic information, and then extracting service information; and a service abnormal condition detecting apparatus stored in the memory and executed by the processor for detecting a port number of a transport layer of service information extracted from the security event collecting apparatus and the occurrence frequency of the transport layer, determining the continuity of the port number and the uniformity of the occurrence frequency, and displaying a service abnormal condition, wherein, an abnormal condition detection and display unit stored in the memory and executed by the processor displays the source port and the destination port as dot coordinates in a two-dimensional coordinate system, wherein the two-dimensional coordinate system comprises an X-axis defined as the port number, and a Y-axis defined as an occurrence frequency (number of sessions). | ||
| 地址 | Daejeon KR | ||