METHOD AND TERMINAL APPARATUS OF CYBER-ATTACK PREVENTION

摘要

PURPOSE: A terminal-centered cyber-attack preventing method and a terminal device thereof are provided to analyze cyber-attacks by malicious codes such as a Botnet through a terminal-centered user behavioral pattern analysis, thereby blocking excessive traffic into a network. CONSTITUTION: A packet handler module (110) senses the excessive traffic due to transmission packets. An abnormal traffic sensor (130) senses the abnormal traffic using a first condition and a second condition. The first condition is a condition where the excessive traffic is maintained for a certain period of time. The second condition is a condition where the amount of the same-type transmission packets is equal to or greater than a threshold value. A traffic cut-off requester (140) generates a traffic cut-off request signal depending on the abnormal traffic sensing result. [Reference numerals] (110) Packet handler module; (120) Interrupt analysis unit; (130) Abnormal traffic sensor; (140) Traffic cut-off requester; (150) User matching unit; (AA) Packet formation request; (BB) Transmission packet; (CC) Packet counting cycle initialization; (DD) Input device interrupt; (EE) Interrupt counting cycle initialization; (FF) Excessive traffic detection; (GG) Interrupt counting value; (HH) Upper security mode; (II) Transmission packet header; (JJ) Abnormal traffic detection; (KK) Traffic cut-off request; (LL) Cut-off approval response; (MM) Cut-off approval request