Abstract

PURPOSE: A hacking type analysis method through a web access log filter is provided to automatically analyze collected web logs by confirming the real-time access state for a harmful IP (Internet Protocol) address.

CONSTITUTION: A pre-discriminated harmful IP (Internet Protocol) address is registered in a system. The harmful IP is compared with a specific character string in the TCP (Transmission Control Protocol) header data part of the received data packet. Access for the harmful IP is monitored. A log corresponding to the harmful IP is extracted. A destination IP and a port are additionally stored. The log and access message for the registered harmful IP are output on a screen in real time (207).

[Reference numerals] (104) All network packet collection; (201) Web log filter; (202) Harmful IP comparison and analysis; (203) Harmful IP access message generation; (204) Harmful IP web log generation; (205) Harmful IP web log storage; (206) Log transmission; (207) Log output; (208) Web log analysis tool; (AA) Mirroring (Network monitoring); (BB) Harmful IP list; (CC) Harmful IP registration; (DD) ESM (Enterprise security management system); (EE) Network communication; (FF) Harmful IP access message output window; (GG) Harmful IP web log output window; (HH) Harmful IP access message; (II) Harmful IP web log
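The filter stages (201) to (205) can be sketched as follows. This is an added example, not code from the patent: the log line format, the function name `filter_harmful` and all addresses (documentation ranges) are assumptions, and the comparison is applied to already-extracted web-log lines rather than to raw TCP payloads. Addresses are compared as parsed values so that a differently written form of the same IP still matches.

```python
import re
from ipaddress import ip_address

# Constructed "harmful IP list" (BB); documentation-range addresses only.
HARMFUL_IPS = {ip_address("203.0.113.7"), ip_address("198.51.100.23"),
               ip_address("2001:db8::1")}

# Constructed web-log lines (assumed format):
# timestamp, source IP, destination IP:port, "request line"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 192.0.2.10 10.0.0.5:80 "GET /index.html HTTP/1.1"
2024-05-01T10:00:02Z 203.0.113.7 10.0.0.5:80 "GET /login HTTP/1.1"
2024-05-01T10:00:03Z 198.51.100.23 10.0.0.8:8080 "POST /upload HTTP/1.1"
2024-05-01T10:00:04Z not-an-ip 10.0.0.5:80 "GET / HTTP/1.1"
2024-05-01T10:00:05Z 2001:0db8:0000:0000:0000:0000:0000:0001 10.0.0.5:80 "GET / HTTP/1.1"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+):(\d+) "([^"]*)"$')

def filter_harmful(lines, harmful_ips):
    """Return (access_messages, web_log_records) for registered harmful IPs."""
    messages, records = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a web-log line in the assumed format
        ts, src, dst_ip, dst_port, request = m.groups()
        try:
            src_ip = ip_address(src)  # parse so textual variants compare equal
        except ValueError:
            continue  # malformed source field, nothing to compare
        if src_ip not in harmful_ips:
            continue
        # (204)/(205): web log record, with destination IP and port stored too
        records.append({"time": ts, "src": src, "dst_ip": dst_ip,
                        "dst_port": int(dst_port), "request": request})
        # (203): access message for the real-time output window
        messages.append(f"{ts} harmful IP {src_ip} accessed {dst_ip}:{dst_port}")
    return messages, records

if __name__ == "__main__":
    msgs, recs = filter_harmful(SAMPLE_LOG.splitlines(), HARMFUL_IPS)
    for msg in msgs:
        print(msg)
```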