
SNMP-BASED TRAFFIC FLOODING ATTACK DETECTING SYSTEM USING SVM


Abstract

Disclosed is an SNMP-based traffic flooding attack detecting system capable of detecting attack traffic by analyzing traffic in a network, comprising: an attack type database (DB) storing an SNMP type of attack traffic; a first stage analyzing unit collecting traffic in a network and determining whether the collected traffic is attack traffic by using a support vector machine (SVM); a second stage analyzing unit receiving traffic determined as attack traffic from the first stage analyzing unit, analyzing an SNMP type of the received traffic, and storing the analyzed traffic in the attack type DB; and a real-time handling unit receiving the attack traffic from the first stage analyzing unit, comparing a type of the received traffic with the SNMP type stored in the attack type DB, and handling the attack traffic when the two types are identical. With the SNMP-based traffic flooding attack detecting system, a traffic attack can be quickly detected in real time, and a service can be managed by limiting it partially according to protocols against a flooding attack.

COPYRIGHT KIPO 2014
