INTRUSION DETECTION SYSTEM BASED SYSTEM FOR MONITORING AGGRESSION TRAFFIC IN REAL TIME, CONCERNED WITH PROVIDING TRAFFIC TYPES IN REAL TIME BY DISCRIMINATING AGGRESSION TRAFFIC FROM NORMAL TRAFFIC

摘要

PURPOSE: An intrusion detection system based system for monitoring aggression traffic in real time is provided to analyze traffic types of network packets, and discriminate aggression traffic. CONSTITUTION: A network packet collecting module(110) collects all network packets flowed into from a monitoring network for classifying the network packets by services. An aggression detecting module(120) detects whether the collected network packets are aggression packets. A traffic information aggregation module by aggression types(130) aggregates the size and the number of packets by types. A traffic information aggregation module by TCP/UDP/ICMP/NOT-IP(140) obtains the number of packets related to TCP/UDP/ICMP/NOT-IP traffic by protocols. A traffic information aggregation module by service types(150) aggregates the number of packets by a reference of the size of the packet by main service ports. A traffic information transmission module(160) transmits traffic information to a traffic information display device.