| 摘要 |
An apparatus and a method for restricting potentially dangerous ports through the profiling of network traffic data are provided to eliminate the vulnerability of a network, smoothly use an internal network, and lessen a network manager's work load by profiling network traffic data during an appointed period and intercepting potentially dangerous ports using them. An apparatus for restricting potentially dangerous ports through the profiling of network traffic data comprises a profiling module(110), a statistical data creation module(130), and a policy module(140). The profiling module extracts traffic information from network traffic data, and detects the data volume of each port. Based on the traffic information and the data volume of each port, the statistical data creation module creates statistical data by accumulating the data volume of each port according to each IP address. The policy module extracts limited ports, of which the data volumes are below a certain reference value, according to IP addresses and transmits the extracted information to a network security system(100) so that the network traffic data of the limited ports can be intercepted. |
