摘要 |
PURPOSE: Service network type integrated security device and method thereof through transaction pattern analysis·monitoring are provided to firstly perform control through compulsory blockage and security path with respect to hacker intrusion and abnormal traffic in a network and to secondarily perform compulsory blockage and security filtering access of web server, web application server, general application server and database management system (DBMS). CONSTITUTION: A security management server SMS (300) is connected to N security pattern modules (SPMs) having a mass network environment base and N agent modules (AMs). The SMS receives normal event, abnormal event and pattern analysis result data and analyzes them. The SMS detects hacker intrusion and traffic abnormality. The SMS sets up defense correspondence element for the detected hacker intrusion and traffic abnormality. The SMS outputs a security filtering mode to the N SPMs. [Reference numerals] (100) Agent module; (300) Security management server; (AA) Web server; (BB,GG) Response policy; (CC) Access / edge network; (DD) Subscriber network; (EE,FF) Emergency sign and invasion alert; (HH) Smartphone application server
|