GENERATION APPARATUS AND METHOD OF DETECTION RULES FOR ATTACK BEHAVIOR BASED ON INFORMATION OF NETWORK SESSION

摘要

The present invention relates to a method and apparatus for automatically generating and automatically updating attack behavior detection rules for network session characteristic information. The network data classified by session characteristic information may be divided into session characteristic information and normal data type, attack type, and unknown type. Network session feature information extracting unit converting to input data format including properties of belonging network data type and extended C4.5 algorithm applied to network data converted to input data format to construct decision tree, and final node of decision tree Generates the accuracy of decision tree based on error rate, and generates detection rule patterned by network data type based on the characteristics of network data type, conditional expression for selecting node with optimal information gain of decision tree, and accuracy. Detection including automatic detection rule generation Create and update rules automatically.;Network session property information, detection rule, decision tree, auto generation, auto update