APPARATUS AND METHOD FOR MAKING AUTOMATIC SECURITY POLICY USING ANALYZING CORRELATION WITH MALIGNANT ACTION

摘要

A system for collecting a malignant action using a virtual operating system according to the present invention includes a honeypot which responds to the attack of an attacker instead of a protection system, monitors the attack of the attacker, and restores informant files modified by the attack; a storage server for storing the original files and modified files of important files to be restored; a log server for collecting logs generated in the honeypot and enabling backtracking of the attacker later; and a malignant action collection module for analyzing an attack pattern collected in the log server and storing a malignant action. The apparatus for making an automatic security policy includes a malignant action DB storage part; a correlation analysis part; a malignant action judging part; and a malignant action blocking part.;COPYRIGHT KIPO 2019