METHOD AND APPARATUS OF ADAPTIVE AND FLEXIBLE INTRUSION DETECTION SYSTEM FOR P2P BOTNET

Abstract

An intrusion detection system according to an embodiment proposes an adaptive and flexible intrusion detection method for detection of a P2P botnet. The intrusion detection system may comprise: a collection unit which collects pcap traffic in real time in an environment in which parallel operation is performed in a big data analysis cluster; a parsing unit which extracts features required for detection by parsing the collected pcap traffic; a P2P host detection unit which separates general network traffic and P2P traffic using the extracted features; and a botnet detection unit which detects a P2P botnet from the separated P2P traffic and blocks the detected P2P botnet.