Title of invention METHOD AND APPARATUS FOR QUANTIFYING THREAT STATUS FOR RECOGNIZING NETWORK THREAT
Abstract The present invention relates to a method and an apparatus for quantifying threat conditions in order to recognize network threats in advance. The disclosed threat condition quantification method comprises: a step of extracting a suspicious domain by analyzing the packet patterns of DNS traffic generated in a monitoring target network; a step of assigning a corresponding one of the predetermined security levels according to the result of identifying the access IPs to which the suspicious domain is connected; a step of calculating an activation index according to a result of monitoring the suspicious domain; and a step of estimating the predicted attack amount for each suspicious domain according to the predicted attack amount and the security level of each zombie computer. The invention thereby recognizes the network threat condition in advance, prevents the attack based on the suspicious domain and the predicted attack amount information, and generates an alarm for preventing the threat condition. [Reference numerals] (AA) START; (BB) END; (S201) Traffic packet pattern analysis; (S203) Suspicious domain extraction; (S205) Access IP identification; (S207) Security level assignment; (S209) Access IP monitoring; (S211) Activation index calculation; (S213) Minimum predicted attack amount calculation; (S215) Maximum predicted attack amount calculation; (S217) Estimation of predicted attack amount for each suspicious domain
Publication number KR20130132261(A) Publication date 2013.12.04
Application number KR20130022675 Filing date 2013.03.04
Applicant ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE Inventors KIM, KI YOUNG; YI, SUNG WON; LIM, SUN HEE; KIM, JONG HYUN; SEO, DAE HEE; LEE, BYUNG GIL
Classification G06F21/00; G06F21/50 Main classification G06F21/00
Agency Agent
Main claim
Address