A Network Traffic Analysis and Monitoring Method based on Attack Knowledge

摘要

in the intrusion detection method of the present invention is network attacks, a conventional system detects a virus or hacking and defense functions, but may be carried out, monitoring the set of streams to protect these global networks or a network attack, attack due for the global system with the ability to fully protect the network are not present in its own network attack relates to a method for determining the presence or absence. ; can be detected and an alarm for the global attack by the attacking situation analysis using the knowledge according to the present invention, existing intrusion detection systems, and work is possible, and rule-based analysis of network traffic that is used in the existing intrusion detection systems can also be implemented as a single security alarm characteristically occurs in the network through the situation analysis using the knowledge of the detection of the attack can not be determined attack conditions which may be offensive to determine the circumstances, to be able to calculate the value in the attack information from the flooding phenomenon may be possible to analyze security alerts and monitoring of global attacks.