APPARATUS AND METHOD FOR MONITORING NETWORK USING WHITELIST
Abstract
PURPOSE: A network monitoring device using a white list, and a method thereof, are provided to identify abnormal information on a network without attack signature information for that network, by monitoring the normal communication pattern between communication nodes.

CONSTITUTION: A white list generator (110) generates a white list by analyzing packets transmitted and received between communication nodes. A monitoring unit (120) compares the white list with information about a target packet that is to be checked for abnormal symptoms. When the target packet information includes information that is not defined on the white list, the monitoring unit determines the target packet to be an abnormal symptom. An alarm generator (130) notifies a user of security threat information according to the determined abnormal symptom.

[Reference numerals] (110) White list generator; (111) Packet collector; (112) Network layer analyzer; (113) Control layer analyzer; (114) Correlation layer analyzer; (115) White list definition unit; (116) White list feed-back unit; (120) Monitoring unit; (121) Target packet receiver; (122) Network layer monitoring unit; (123) Control layer monitoring unit; (124) Correlation layer monitoring unit; (125) Normality verification unit; (130) Alarm generator.
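The generate, compare and alert flow described in the abstract, as an added Python example that is not taken from the patent. The fields used for the network layer (addresses, protocol, port) and the control layer (a Modbus-style function code) are assumptions, the correlation layer is not modelled, and all sample packets are constructed.

```python
from collections import namedtuple

# Assumed packet summary; "func" is a control-protocol function code (assumption).
Packet = namedtuple("Packet", "src dst proto dport func")

def build_whitelist(packets):
    """White list generator (110): record what normal traffic contains."""
    whitelist = {"network": set(), "control": set()}
    for p in packets:
        whitelist["network"].add((p.src, p.dst, p.proto, p.dport))
        whitelist["control"].add((p.src, p.dst, p.func))
    return whitelist

def monitor(whitelist, p):
    """Monitoring unit (120): list the layers where p is not on the white list."""
    findings = []
    if (p.src, p.dst, p.proto, p.dport) not in whitelist["network"]:
        findings.append("network")
    if (p.src, p.dst, p.func) not in whitelist["control"]:
        findings.append("control")
    return findings

def alarm(p, findings):
    """Alarm generator (130): message for the user, or None if p is normal."""
    if not findings:
        return None
    return f"ALERT {p.src} -> {p.dst}: not on white list at layer(s) {', '.join(findings)}"

# Constructed baseline: an HMI polling a PLC with read requests (function code 3).
BASELINE = [Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 3)] * 3
# Constructed target packets.
TARGETS = [
    Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 3),  # seen in baseline
    Packet("192.0.2.10", "192.0.2.20", "tcp", 502, 6),  # known flow, new function code
    Packet("192.0.2.99", "192.0.2.20", "tcp", 502, 3),  # node never seen in baseline
]

if __name__ == "__main__":
    wl = build_whitelist(BASELINE)
    for pkt in TARGETS:
        print(alarm(pkt, monitor(wl, pkt)) or f"ok    {pkt.src} -> {pkt.dst}")
```

The second target passes the network-layer check and is flagged only at the control layer, which is why the comparison is made per layer rather than on addresses and ports alone.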