| 摘要 |
The present invention relates to a method and apparatus for a profiling service of signature-based network security equipment, which can reduce resources and processing time by constructing rule sets specialized for network service features, and which enable an initial rule set for each network service environment to gradually evolve by processes of opening, sharing and participating, thereby having an effect of enabling bidirectional customization between a user and a network attack detection information provider. According to the present invention, a method for a profiling service of signature-based network security equipment comprises the steps of: loading a rule set from a rule DB which manages a plurality of rule set-based rule files adapted to determine whether an attack is detected; receiving a rule for a predetermined attack pattern, to be added based on the rule set, from a user via the rule DB; receiving service information, corresponding to a network service which is selected by the user among network service types provided by a profiling service apparatus of signature-based network security equipment including the rule DB, via a service template; selecting rules corresponding to the received service template, and generating a rule set which is optimized by using an optimization algorithm; performing a simulation of the optimized rule set for each preset performance measurement type based on the network service selected by the user; and reporting a result of the simulation for the preset performance measurement type. |
