An apparatus and method for invasion detection system based on host system including access control function

Abstract

PURPOSE: A host-based IDS (Intrusion Detection System) including an access control function at the kernel level, and a method thereof, are provided to offer both pre-intrusion and post-intrusion detection by including an access controller that controls the execution of system calls at the kernel level. CONSTITUTION: A collector (303) collects and stores system-call-level logs generated by the system kernel (302). The access controller (301) judges intrusion by using the system call. An intrusion detector (304) judges intrusion by comparing the system-call-level log information generated by the system kernel with preset intrusion patterns. A countering part (305) responds to the detected intrusion according to preset countering methods and logs the result of the response. A communicator (306) handles communication between an engine and a management console (307), sends the logs received from the intrusion detector and the countering part to the management console, and transfers engine control information from the management console to each part.

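Bibliographic data

  • Publication number: KR100500586B1
  • Patent type:
  • Publication date: 2005-07-12
  • Original format: PDF
  • Applicant/patentee:
  • Application number: KR20030061543
  • Inventor: 정준목
  • Filing date: 2003-09-03
  • Classification: G06F15/00
  • Country: KR
  • Database entry time: 2022-08-21 22:03:38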
