DENIAL-OF-SERVICE ATTACK DETECTION METHOD THROUGH BI-DIRECTIONAL PACKET ANALYSIS

摘要

PURPOSE: A service denial attack detection method through a bidirectional traffic analysis is provided to efficiently detect the attack of a service through the pattern characteristic of bidirectional traffic. CONSTITUTION: An analysis module(200) extracts a response traffic which is synchronized from a server(100) about an HTTP(HyperText Transfer Protocol) client-server. The analysis module recognizes whether a response packet is received. When the analysis module detects cache behavioral anomaly, server behavioral anomaly, or user behavioral anomaly, corresponding client IP is determined as an attacker IP.