| 摘要 |
According to an embodiment of the present invention, provided are a method and an apparatus for detecting abnormal traffic. The method comprises the steps of counting transmission frequency of each of ASCII codes forming a data packet; applying a filtering window, having a threshold range for the transmission frequency of each of the ASCII codes, to the counted transmission frequency and counting transmission frequency of an abnormal packet; and detecting inflow of the abnormal traffic if the counted transmission frequency of the abnormal packet is more than a set threshold. The present invention counts the transmission frequency for each of the ASCII codes while reading the flowing-in data packet without a return, thereby sensing a repeated pattern and detecting the abnormal traffic. Through this, the present invention eliminates return property and ambiguity of the existing detection of abnormal traffic, and makes rapid and reliable detection possible. |
