INTRUSION PREVENTION APPARATUS BASED ON ALERT SEVERITY OF SIGNATURE DETECTION AND ABNORMAL TRAFFIC AND METHOD THEREOF
Abstract
An apparatus and a method for preventing intrusion based on the alert severity of signature detection and abnormal traffic are provided. They calculate the exact reliability of the alert severity reported by an abnormal traffic detecting sensor by using attack alerts collected from different kinds of detecting sensors, so that intrusions involving abnormal traffic can be handled properly. A preprocessor (120) classifies attack alerts, each having a reliability and an alert severity, collected from a plurality of different attack pattern detecting sensors (101) and an abnormal traffic detecting sensor (105), according to generation time, and calculates a reference value showing the consistency of attack alerts that have the same generation time. A reliability calculator (130) calculates the reliability of the alert severity of attack alerts generated by the abnormal traffic detecting sensor, based on at least one of the reference value calculated by the preprocessor and the alert severity of the attack alerts generated at the same time.