WEB ATTACK EVENT EXTRACTION SYSTEM AND METHOD BASED ON MONITORING DATA

摘要

PURPOSE: A web attack event extracting system based on monitoring data and a method thereof are provided to analyze an alert message generated from an IDS(Intruduction Detection System) and a firewall based on a web log. CONSTITUTION: An integrated log collecting and normalizing module(20) generates integrated log information. The integrated log collecting and normalizing module normalize the generated integrated log information. A multiple web session analysis module(30) analyzes the normalized integrated log information. A correlation analysis module(40) analyzes correlation of the normalized integrated log information. A web attack detecting and extracting module(50) detects and extracts a web attack event based on data analyzed from the correlation analysis module and the multiple web session analysis module.