Abstract
An apparatus and a method for detecting network attacks through traffic pattern analysis are provided. By actively detecting attacks or abnormal situations on the network, they allow a network attack to be prevented in advance or responded to early, so that the network can be operated efficiently. The apparatus comprises a pattern DB (40), a packet inspection part (10), a packet extraction part (20), a traffic analysis part (30), a traffic countermeasure part (50), and a traffic monitoring part (60). The pattern DB (40) stores abnormal traffic patterns based on external attacks, and normal traffic patterns. The packet inspection part (10) checks incoming packet flows for abnormal symptoms. The packet extraction part (20) collects the packet flows that show an abnormal symptom and extracts a traffic pattern from them. The traffic analysis part (30) compares the extracted traffic pattern with the traffic patterns stored in the pattern DB (40) and analyzes whether the extracted pattern is caused by an external attack. If it is, the traffic countermeasure part (50) determines a countermeasure for the traffic. If it is not, the traffic monitoring part (60) monitors traffic patterns for a preset time, extracts traffic patterns after the preset time has elapsed, and transfers them to the traffic analysis part (30).
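The control flow between parts (10) to (60) can be traced in a short Python sketch, which is an added example and not code from the patent. The abstract does not define what a traffic pattern or an abnormal symptom is, so the three-feature pattern, the rate threshold, the nearest-pattern comparison, the countermeasure text and every name below are assumptions.

```python
from typing import NamedTuple

class Packet(NamedTuple):   # assumed fields; the abstract does not define them
    ts: float
    src: str
    dst: str
    syn: bool

# Pattern DB (40): assumed pattern = (packets/sec, SYN ratio, distinct sources)
PATTERN_DB = [
    ("syn_flood",   True,  (500.0, 0.95, 200.0)),   # abnormal, external attack
    ("flash_crowd", False, (400.0, 0.10, 150.0)),   # normal, but busy
    ("baseline",    False, (20.0, 0.10, 5.0)),      # normal
]
COUNTERMEASURES = {"syn_flood": "rate-limit SYN to destination"}  # hypothetical
RATE_THRESHOLD = 100.0      # assumed abnormal symptom: packets/sec in a window

def make_window(n, n_syn, n_src):
    """Constructed sample traffic: n packets, the first n_syn of them SYNs."""
    return [Packet(i / n, f"src{i % n_src}", "192.0.2.10", i < n_syn) for i in range(n)]

def inspect_window(pkts, window):
    """Packet inspection part (10): does this window show an abnormal symptom?"""
    return len(pkts) / window > RATE_THRESHOLD

def extract_pattern(pkts, window):
    """Packet extraction part (20): reduce the collected packets to a pattern."""
    n = len(pkts)
    if n == 0:
        return (0.0, 0.0, 0.0)
    return (n / window, sum(p.syn for p in pkts) / n, float(len({p.src for p in pkts})))

def analyze(pattern):
    """Traffic analysis part (30): closest stored pattern by scaled distance."""
    def dist(ref):
        return sum(((a - b) / max(b, 1e-9)) ** 2 for a, b in zip(pattern, ref))
    label, is_attack, _ = min(PATTERN_DB, key=lambda entry: dist(entry[2]))
    return label, is_attack

def detect(windows, window=1.0, recheck_after=1):
    """Run the pipeline; return (window index, label, countermeasure) or None."""
    i, recheck = 0, False
    while i < len(windows):
        if recheck or inspect_window(windows[i], window):
            label, is_attack = analyze(extract_pattern(windows[i], window))
            if is_attack:   # traffic countermeasure part (50)
                return i, label, COUNTERMEASURES.get(label, "alert operator")
            # traffic monitoring part (60): wait the preset time, then re-analyze
            i, recheck = i + recheck_after, True
        else:
            i += 1
    return None
```

With the windows quiet, flash crowd, SYN flood, the second window trips inspection but matches a normal pattern, so the monitoring path re-extracts after the preset interval and the third window is classified as an attack.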