PURPOSE: An information model for a security policy of a policy-based network security system is provided to accept a detection policy, a cut-off policy, a sensing policy, an IP security policy and an alarm control policy by defining a policy information model. CONSTITUTION: A policy client system (120) analyzes packets accessing an internal network, detects an attack and transmits an alarm message to a policy server (110). The policy server (110) generates a systematic policy to cope with a possible attack through collective analysis, using traffic information, log information and alarm information received from multiple policy client systems (120). A policy storing unit (140) stores the policies generated by the policy server (110). A policy determining module (112) transfers the policies of the policy storing unit (140) to the policy client system (120), and if a problem arises while a policy is being performed, the policy determining module (112) transfers it to a viewer (160). An alarm management module (114) stores alarm data transferred from the policy client system (120) in an alarm database (150) and transfers the alarm data, together with a result obtained by analyzing the alarm data, to the viewer (160).