APPARATUS FOR DETECTING AND PREVENTING APPLICATION LAYER DISTRIBUTE DENIAL OF SERVICE ATTACK AND METHOD

摘要

PURPOSE: A device and a method for detecting and blocking service attack of applied layer distribution are provided to enable a general user to continuously use a service by removing only attacker traffic by exactly extracting an internet address of an attacker. CONSTITUTION: An information collecting unit(104) monitors a service request packet which a plurality of server and a client request during a preset monitoring time. The information collecting unit collects data information transmitted by applied layer. A monitoring unit(106) set the monitoring time. The monitoring unit extracts traffic information in data information collected during a set monitoring time. An analyzing unit(108) determines whether an attack traffic exists or not by comparing the extracted traffic information with a previously learned traffic model.