LOG-BASED TRACEBACK SYSTEM AND METHOD BY USING THE CENTROID DECOMPOSITION TECHNIQUE

摘要

A back-tracking system based on log and a method thereof using a center division technique capable of quickly searching the actual location of an attacker are provided to apply connection information of a network router collected from a network managing server and log information of an invasion alarm. A log information input module(101) collects log information toward the invasion alarm of a network attacker from an intrusion detection system(120). A reverse invasion process module(103) extracts necessary log information and analyzes log information of the collected invasion alarm. If the log information of the invasion alarm is inputted, a centroid node detection module(104) collects the connect information of the network router from the network management server(110).