METHOD FOR DETECTING INTRUSION BY INFERRING DEGREE OF DANGER

摘要

PURPOSE: A method for detecting intrusion by inferring a degree of danger is provided to analyze a packet by considering use of a destination system utility of a searched packet, infer the degree of danger and notify it. CONSTITUTION: A packet collector collects network packets. A packet analyzer analyzes the collected packet and then divides it into an IP(Internet Protocol) of a destination system and packet data(52,54). The packet analyzer compares and searches the information on various intrusion types, which is stored in an intrusion type DB, with the packet data and then discriminates whether the packet corresponds with a predetermined intrusion type(56). If the packet corresponds with a predetermined intrusion type, the packet analyzer compares the IP of the divided destination system and the use field DB, and infers and then notifies the degree of danger(60,62,64).