INTRUSION DETECTION SYSTEM CAPABLE OF CONTROLLING ACCESS AND METHOD FOR RESPONDING INTRUSION

摘要

PURPOSE: An intrusion detection system capable of controlling access and a method for responding the intrusion are provided to solve the difficulties for setting an intrusion responding function by providing an intrusion function according to a usage of an intrusion detection method. CONSTITUTION: All traffics to a network having a monitoring target server(110) from an external or internal network(100) are collected by a data collector(120), filtered by a data filtering and condensing part(130) and reported to the warning and reporting part(150) if the traffic is judged as the intrusion. An intrusion responding part(160) carries out a responding activity. The intrusion detector comprises a security policy violation detector(141), a misuse detector(142), an abnormal activity detector(143) and a re-analyzer(144). The intrusion responding part carries out the responding activity by linking with a general intrusion responding part(161) carrying out the general responding function such as an alarm, logging-in and an access cancellation. The access control system linking part generates an access control rule and transfers a filtering rule to a network or a host access control system(170,180).