摘要 |
An intrusion prevention system and a controlling method thereof are provided to separately manage attack rule information applied to a secondarily detected attack, and to refer to accumulated information results of the attack rule, thereby minimizing false positive probability for normal packets as predicting generation of harmful traffic. A detecting unit(102) detects packet information in a software way according to predetermined attack rule application. A storage(104) stores attack rule generation information on detected attack packets according to characteristics of the attack rule. An analysis coping module(126) compares the attack rule generation information with a preset threshold value, and provides a coping mode for selectively blocking the attack packets if the attack rule generation information exceeds the threshold value.
|