INTRUSION PREVENTION APPARATUS BASED ON ALERT SEVERITY OF SIGNITURE DETECTION AND ABNORMAL TRAFFIC AND METHOD THEREOF

摘要

An apparatus and a method for preventing intrusion based on alert severity of signature detection and abnormal traffic are provided to calculate exact reliability of the alert severity of an abnormal traffic detecting sensor by using attack alerts collected form different kinds of detecting sensors, thereby properly dealing with the intrusion with respect to the abnormal traffic. A preprocessor(120) classifies attack alerts each having reliability and alarm severity, collected from different plural attack pattern detecting sensors(101) and an abnormal traffic detecting sensor(105), according to generation time and calculates a reference value showing consistency of attack alerts having the same generation time. A reliability calculator(130) calculates reliability of alarm severity of attack alerts generated by the abnormal traffic detecting sensor based on at least one of the reference value and alert severity of the attack alerts generated at the same time. A reliability calculator(130) calculates the reliability of alarm risk for an attack alarm, which is generated by the abnormal traffic detecting sensor, based on at least one of either the reference value calculated by the preprocessor or the alarm risk for attack alarms which occur at the same time.