Title | APPARATUS FOR ANALYZING CONNECTIONS ABOUT SECURITY EVENTS BASED ON RULE AND METHOD THEREOF
Abstract | PURPOSE: A rule-based security event correlation analysis apparatus and method are provided that achieve fast detection by generating a per-user event memory and running correlation analysis against it, rather than performing correlation analysis on every security event. CONSTITUTION: A rule management unit (410) receives security events generated by an IT security device (200) or a physical security device (100) and checks whether an event requires correlation analysis. An event management unit (420) analyzes the security event in order to generate or delete a user event memory, or to identify a correlation analysis target event. When it receives a security event from the event management unit, a correlation processing unit (430) checks, for the user ID carried in the security event, whether the user event list matches a correlation event in the rule database. [Reference numerals] (100) Physical security device; (200) IT security device; (300) Event collector; (301) Collecting unit; (302) Standardizing unit; (303) Transmitting unit; (400) Correlation analyzer; (410) Rule management unit (RMU); (411) Rule DB version check unit; (412) Rule DB analysis event collecting unit; (413) Event filter unit; (420) Event management unit; (421) User event memory generating unit; (422) Event memory management unit; (423) User event memory deleting unit; (430) Correlation processing unit; (431) Rule DB analysis event inquiry unit; (432) User event memory requesting unit; (433) Detection transmitting unit; (434) Rule DB correlation event inquiry unit; (435) Correlation detecting unit; (500) User DB; (600) Rule DB
Publication number | KR20130068769(A)
Publication date | 2013.06.26
Application number | KR20110136122
Filing date | 2011.12.16
Applicant | ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventor | KANG, DONG HO
Classification | G06F21/00;G06F11/30;G06F17/30
Main classification | G06F21/00
Agency |
Agent |
Main claim |
Address |
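The three units described in the abstract (rule management filter, per-user event memory, rule-based correlation on the user ID) can be sketched as a small detection pipeline. This is an added illustration, not the patent's own code; the rule format, event field names and the sample badge-reader and login events are constructed assumptions.

```python
from collections import defaultdict

# Constructed rule DB (illustrative, not the patent's format): a rule fires when its
# event types occur in order for ONE user ID within `window` seconds.
RULE_DB = [
    {"name": "login_after_badge_out", "window": 600,
     "sequence": ("PHYS_BADGE_OUT", "IT_LOGIN_SUCCESS")},
    {"name": "repeated_fail_then_success", "window": 120,
     "sequence": ("IT_LOGIN_FAIL", "IT_LOGIN_FAIL", "IT_LOGIN_SUCCESS")},
]
ANALYSIS_EVENTS = {t for r in RULE_DB for t in r["sequence"]}  # rule DB analysis events
# Constructed, standardized events as the event collector would emit them.
SAMPLE_EVENTS = [
    {"ts": 100, "user_id": "u1", "type": "PHYS_BADGE_IN"},      # no rule references it
    {"ts": 900, "user_id": "u1", "type": "PHYS_BADGE_OUT"},
    {"ts": 1200, "user_id": "u1", "type": "IT_LOGIN_SUCCESS"},  # 300 s after badge-out: fires
    {"ts": 5000, "user_id": "u3", "type": "IT_LOGIN_FAIL"},
    {"ts": 5030, "user_id": "u3", "type": "IT_LOGIN_FAIL"},
    {"ts": 5400, "user_id": "u3", "type": "IT_LOGIN_SUCCESS"},  # 400 s span > 120 s: no fire
]

def needs_correlation(ev):
    """Rule management unit (event filter): pass only event types some rule references."""
    return ev["type"] in ANALYSIS_EVENTS

def record(memory, ev, retention=3600):
    """Event management unit: create/extend the user's event memory, expiring old entries."""
    uid = ev["user_id"]
    memory[uid] = [e for e in memory[uid] if ev["ts"] - e["ts"] <= retention] + [ev]
    return memory[uid]

def correlate(user_events, rule, now):
    """Correlation processing unit: rule sequence seen in order inside the window ending at now?"""
    idx, seq = 0, rule["sequence"]
    for e in sorted(user_events, key=lambda e: e["ts"]):
        if now - e["ts"] <= rule["window"] and idx < len(seq) and e["type"] == seq[idx]:
            idx += 1
    return idx == len(seq)

def process(events):
    """Filter, memorize and correlate time-ordered events; return (rule, user_id) hits."""
    memory, detections = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not needs_correlation(ev):
            continue
        user_events = record(memory, ev)
        for rule in RULE_DB:
            if correlate(user_events, rule, ev["ts"]):
                detections.append((rule["name"], ev["user_id"]))
                del memory[ev["user_id"]]  # user event memory deleting unit: start fresh
                break
    return detections
```

Because events are keyed on the user ID before any rule is evaluated, each incoming event is compared only against that user's short memory, which is the speed-up the abstract claims over correlating every event against every other.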