Title of invention: DETAIL PROCESSING METHOD OF ABNORMAL TRAFFIC DATA
Abstract: A detail processing method for abnormal traffic log data is provided to record and maintain detailed log information about detected abnormal traffic without placing load on the system in a high-speed network environment, so that abnormal traffic can be dealt with more effectively in the future. The method uses an apparatus divided into a hardware portion (210) and a software portion (220) and comprises the following steps: inputting a traffic packet connection to the hardware portion; at a first level, comparing and analyzing whether the traffic packet matches a pattern matching DB (database) (212), in which the patterns of abnormal traffic addresses are stored, and transmitting the traffic packet to the software portion when it matches; and, at a second level, analyzing whether the traffic packet matches a sync pattern matching DB (222) of the software portion and recording detailed log data for the abnormal traffic when it matches. The pattern matching analysis at the second level comprises the following steps: attaching the rule ID (identification) determined by the first-level pattern matching to the traffic packet and transmitting the packet to the software portion; and passing the traffic packet and the rule ID to an event-log matching engine (221), which detects and records, in real time, detailed log information for the pattern matching the rule ID.
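Publication number: KR100825257(B1) Publication date: 2008.04.25
Application number: KR20070089829 Filing date: 2007.09.05
Applicant: WINS TECHNET CO., LTD. Inventor: CHO, HARK SU
Classification: H04L12/22;G06F21/00;H04L12/12 Main classification: H04L12/22
Agency: Agent:
Main claim:
Address: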