Abstract

PURPOSE: A crack detection system is provided that analyzes network flows using a network flow clustering technique and, by using the network flow as the monitoring data, prevents the accumulation of unnecessary profiles.

CONSTITUTION: The system comprises an external network (100), a network traffic collector (200), a crack detector (300), a network flow controller (400), and an internal network (500). The network traffic collector (200) collects all packets between the internal network (500) and the external network (100). The crack detector (300) converts the collected packets into network flows, generates a flow graph, and detects a crack by clustering the generated flow graph. The network flow controller (400) cuts off the network connection according to a security policy when a crack is detected. In particular, when a crack is detected in the internal or the external network, the network flow controller (400) transmits an RST packet to an information system of the internal network (500) or the external network (100). The network traffic collector (200), the crack detector (300), and the network flow controller (400) are installed at an access point.