
APPARATUS AND METHOD FOR DETECTING ATTACK BY USING LOG ANALYSIS


Abstract

An attack detection apparatus using log analysis according to an embodiment of the present invention includes a log analysis unit, an attack detection unit, and an attack counter. The log analysis unit detects the occurrence of predetermined events based on the log of a terminal. The attack detection unit works from a tree structure in which each of a series of events generated as a cyber attack proceeds is mapped, in order, to the nodes connecting a leaf node to the root node, and determines whether a predetermined event exists among the events mapped to each node. When the attack detection unit determines that the predetermined events have occurred for the events mapped to the connected nodes, in the direction from one leaf node toward the root node, up to a predetermined level of the tree structure, the attack counter performs a corresponding operation for responding to the cyber attack.
