Abstract
A method for managing self-learning in an intrusion prevention system, and a malicious-traffic management method using it, are provided. The method minimizes system load by restricting all traffic received from the network to a preset number of permitted monitoring ports, and it recognizes possibly abnormal traffic and resets the blocking policy by applying the blocking policy set through self-learning. Traffic received through the network is collected for a predetermined self-learning period (214). Traffic information for the collected traffic is generated within the preset number of permitted monitoring ports, to serve as abnormal-traffic blocking policy information, and the generated traffic information is transmitted to an operation managing module (228). The traffic is collected by analyzing the packet data of the received traffic, determining whether the port number of the analyzed packet data is registered in the preset blocking policy, comparing the port number with a reference port number, updating and storing the traffic information in different map tables according to the port number, and calculating a limit for the stored traffic information.
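A sketch of the collection step described above, added here as an illustration and not taken from the patent. The reference port (1024), the cap of four monitored ports, skipping ports already registered in the blocking policy, the limit formula (peak per-interval packet count times 1.5) and all names are assumptions.

```python
from collections import defaultdict

REFERENCE_PORT = 1024   # assumption: boundary that selects the map table
MARGIN = 1.5            # assumption: limit = peak per-interval count * margin

# Constructed sample: (timestamp in seconds, destination port)
SAMPLE = [(0.1, 80), (0.2, 80), (0.3, 80), (1.1, 80), (0.5, 443),
          (0.6, 8080), (0.7, 8080), (0.8, 22), (0.9, 9000), (1.2, 3306)]


def learn(packets, registered_ports, max_ports=4, interval=1.0):
    """Collect traffic for the learning period and return {port: limit}."""
    low_table = defaultdict(lambda: defaultdict(int))    # port -> bucket -> count
    high_table = defaultdict(lambda: defaultdict(int))
    for ts, port in packets:
        # Assumption: ports already in the blocking policy are not relearned.
        if port in registered_ports:
            continue
        # Compare with the reference port to choose the map table.
        table = low_table if port < REFERENCE_PORT else high_table
        # Cap the number of monitored ports to bound memory and CPU load.
        if port not in table and len(low_table) + len(high_table) >= max_ports:
            continue
        table[port][int(ts // interval)] += 1
    policy = {}
    for table in (low_table, high_table):
        for port, buckets in table.items():
            policy[port] = int(max(buckets.values()) * MARGIN)
    return policy


def is_abnormal(policy, port, count):
    """True when a monitored port exceeds its learned per-interval limit."""
    return port in policy and count > policy[port]


if __name__ == "__main__":
    learned = learn(SAMPLE, registered_ports={22})
    print(learned)
    print(is_abnormal(learned, 80, 5))
```

Port 3306 is absent from the learned policy because the cap was reached before it appeared, which is the load-limiting behaviour the abstract describes.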