
BLACKLIST MANAGEMENT APPARATUS IN A POLICY-BASED NETWORK SECURITY MANAGEMENT SYSTEM AND ITS PROCEEDING METHOD


Abstract

PURPOSE: A device and a method for managing blacklists in a policy-based network security control system are provided. They collect and analyze various network information in real time, notify an operator of user addresses and host addresses that exceed a reference value, and generate a network packet cutoff policy for the corresponding IP (Internet Protocol) address.

CONSTITUTION: An intrusion detection alarm receiver (301) collects network intrusion alarm data from a security gateway (103) in real time. A dangerous IP address generator (302) extracts blacklist-related information from the collected alarm data and records it in a potential blacklist DB (307). A blacklist analyzer (303) uses the extracted blacklist-related information to determine whether a network intrusion exceeds a preset threshold. If the blacklist analyzer (303) decides that the threshold is exceeded, an event generator (304) generates event information and records an event log in a dangerous blacklist DB (309). A blacklist event monitor (305) sends the event information generated by the event generator (304) to a remote security manager over the network. A blacklist cut-off policy manager (310) generates and transmits a packet cutoff policy for a specific IP address based on the event information and the event log.
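The pipeline in the abstract can be sketched as follows. This is an added example, not code from the patent: the `src_ip,signature` alarm format, the threshold of 3, the `BlacklistManager` name and the shape of the event and policy records are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
import ipaddress

THRESHOLD = 3  # assumed reference value; the abstract gives no number

# Constructed alarm records in an assumed "src_ip,signature" format.
SAMPLE_ALARMS = [
    "203.0.113.7,port-scan",
    "198.51.100.9,port-scan",
    "203.0.113.7,ssh-bruteforce",
    "203.0.113.7,port-scan",
    "203.0.113.7,sql-injection",
    "not-an-ip,port-scan",
    "203.0.113.7,port-scan",
]

@dataclass
class BlacklistManager:
    threshold: int = THRESHOLD
    potential: Counter = field(default_factory=Counter)  # potential blacklist DB (307)
    dangerous: dict = field(default_factory=dict)        # dangerous blacklist DB (309)
    policies: list = field(default_factory=list)         # output of policy manager (310)

    def receive(self, line):
        """Process one alarm; return an event only when the threshold is first exceeded."""
        src, _, signature = line.partition(",")
        try:
            ip = str(ipaddress.ip_address(src.strip()))
        except ValueError:
            return None  # malformed alarm: junk must never reach a cutoff rule
        self.potential[ip] += 1                          # address generator (302)
        count = self.potential[ip]
        # Analyzer (303): act only above the threshold, and only once per address.
        if count <= self.threshold or ip in self.dangerous:
            return None
        event = {"ip": ip, "alarms": count,
                 "last_signature": signature.strip()}    # event generator (304)
        self.dangerous[ip] = event
        self.policies.append({"action": "drop", "src": ip})  # cutoff policy (310)
        return event

def run(alarms, threshold=THRESHOLD):
    mgr = BlacklistManager(threshold=threshold)
    # The returned events are what the event monitor (305) would forward.
    events = [e for e in map(mgr.receive, alarms) if e]
    return mgr, events

if __name__ == "__main__":
    mgr, events = run(SAMPLE_ALARMS)
    print(events, mgr.policies)
```

Because the cutoff rule is derived from alarm data, validating the source address and emitting one policy per address keeps malformed or repeated alarms from producing bad or duplicate rules.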
