Log-based traceback system and method by using the centroid decomposition technique
Abstract

The invention relates to a system and method for tracing back an attacker by using the centroid decomposition technique. A system according to an embodiment of the present invention comprises: a log information input module that collects log information (log data) of intrusion alarms from an intrusion detection system; a centroid node detection module that applies a shortest path algorithm to the connection information of the network routers collected by a network management server to generate a shortest path tree, applies the centroid decomposition technique, removing the leaf nodes of the shortest path tree, to detect centroid nodes, and generates a centroid tree in which each detected centroid node is the node of its level; and a traceback processing module that sequentially compares the collected intrusion alarm log information against each level of the centroid tree, requesting the log information of the router matching the node at each level, in order to trace back to the router connected to the attacker's source. As effects, the attacker who caused a security incident can be found quickly, the load on the traceback system is reduced, and hosts whose vulnerabilities are exposed to the threat or attack can be easily identified.

Keywords: centroid decomposition technique, intrusion detection, log-based, traceback
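The level-by-level search described in the abstract can be sketched as follows; this is an added example, not code from the patent. It assumes the shortest path tree is already computed and given as a parent map, that attack traffic follows that tree toward the victim, and that each router's log can name the upstream neighbour of the flagged flow. The centroid is found by the standard piece-size criterion rather than the patent's leaf-removal procedure, and all router names and logs are constructed.

```python
def split(nodes, parent, c):
    """Connected pieces of the tree restricted to `nodes` once router c is removed."""
    rest, pieces = set(nodes) - {c}, []
    while rest:
        piece, stack = set(), [rest.pop()]
        while stack:
            u = stack.pop()
            piece.add(u)
            nbrs = {v for v in rest if parent[v] == u or parent[u] == v}
            rest -= nbrs
            stack += nbrs
        pieces.append(piece)
    return pieces

def centroid(nodes, parent):
    """Router whose removal leaves the smallest largest piece (ties broken by name)."""
    return min(sorted(nodes),
               key=lambda c: max(map(len, split(nodes, parent, c)), default=0))

def traceback(parent, router_log):
    """router_log(r): upstream neighbour the flow came from, "host", or None if unseen."""
    nodes, queried = set(parent), []
    while nodes:
        c = centroid(nodes, parent)
        queried.append(c)                    # one log request per centroid level
        prev = router_log(c)
        if prev == "host":                   # flow entered the network at router c
            return c, queried
        toward = parent[c] if prev is None else prev  # unseen: source is toward the root
        nodes = next((p for p in split(nodes, parent, c) if toward in p), None)
    return None, queried                     # logs missing or inconsistent

def path_logs(parent, source):
    """Constructed logs: each router on the attack path records the previous hop."""
    logs, prev = {}, "host"
    while source is not None:
        logs[source] = prev
        prev, source = source, parent[source]
    return logs

# Constructed shortest path tree rooted at the victim's gateway r00 (hypothetical names):
# a 16-router chain r00..r15 with three stub branches, stored as {router: parent}.
PARENT = {"r00": None, "b1": "r03", "b2": "r07", "b3": "r11"}
PARENT.update({f"r{i + 1:02d}": f"r{i:02d}" for i in range(15)})
```

With the source behind `r15`, `traceback(PARENT, path_logs(PARENT, "r15").get)` requests logs from five routers, where a hop-by-hop walk from the victim would read all sixteen on the path.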