LOG-BASED TRACEBACK SYSTEM AND METHOD BY USING THE CENTROID DECOMPOSITION TECHNIQUE
Abstract
A log-based traceback system and method using the centroid decomposition technique are provided, capable of quickly finding the actual location of an attacker by applying the connection information of network routers collected from a network management server together with the log information of an intrusion alarm. A log information input module (101) collects log information on intrusion alarms about a network attacker from an intrusion detection system (120). A reverse invasion process module (103) extracts the necessary log information and analyzes the log information of the collected intrusion alarm. When the log information of the intrusion alarm is input, a centroid node detection module (104) collects the connection information of the network routers from the network management server (110).
Application publication number
KR20090009622(A)
Application publication date
2009.01.23
Application number
KR20070073059
Filing date
2007.07.20
Applicant
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors
KIM, JONG HYUN; KIM, GEON LYANG; SOHN, SEON GYOUNG; CHANG, BEOM HWAN; JEONG, CHI YOON; RYU, JONG HO; NA, JUNG CHAN; JANG, JONG SOO; SOHN, SUNG WON