
Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof


Abstract

PURPOSE: A system and a method for detecting intrusions using diverse intrusion detection models are provided, so that cases that violate a security policy set can be detected by introducing traditional access control technology into the intrusion detection system. CONSTITUTION: The intrusion detection system comprises a data collector, a data filtering and condensing part (230), an intrusion detector (240), a warning and reporting part, and an intrusion responding part (260). The data collector collects all traffic from an external or internal network (200) to a network having a monitoring target server (210) and transfers the collected data to the data filtering and condensing part. The data filtering and condensing part keeps only the traffic to the monitoring target system, then extracts the data necessary for intrusion detection and converts and condenses it. If the intrusion detector judges that an intrusion has occurred, the warning and reporting part reports the warning and the related inspection records, and the intrusion responding part carries out the defined response activity, such as resetting the environment of the access control system.
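The pipeline described in the abstract, as an added Python example that is not code from the patent: traffic is filtered to the monitored server, condensed, and passed through two detection models, one of which checks an access-control policy. The two models, the policy format, the addresses, the signature strings and the deny-list response are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (assumptions, not from the patent).
MONITORED = {"10.0.0.10"}                        # monitoring target server
POLICY = [(ip_network("10.0.0.0/16"), 22),       # internal hosts may use SSH
          (ip_network("0.0.0.0/0"), 443)]        # anyone may use HTTPS
SIGNATURES = ("../", "/etc/passwd")              # sample misuse patterns

@dataclass(frozen=True)
class Event:                                     # condensed record
    src: str
    dst: str
    dport: int
    payload: str

def filter_and_condense(packets):
    """Keep traffic to monitored targets only, reduced to the fields detection needs."""
    return [Event(p["src"], p["dst"], p["dport"], p.get("payload", "")[:64])
            for p in packets if p["dst"] in MONITORED]

def policy_model(ev):
    """Access-control model: flag traffic the security policy does not permit."""
    ok = any(ip_address(ev.src) in net and ev.dport == port for net, port in POLICY)
    return None if ok else "policy-violation"

def signature_model(ev):
    """Misuse model: flag payloads containing a known pattern."""
    return "signature-match" if any(s in ev.payload for s in SIGNATURES) else None

def detect(events, models=(policy_model, signature_model)):
    """Run every model on every event; an event is an alert if any model fires."""
    alerts = []
    for ev in events:
        hits = [h for h in (m(ev) for m in models) if h]
        if hits:
            alerts.append((ev, hits))
    return alerts

def run(packets):
    """Collector output -> filter/condense -> detect -> report + response."""
    alerts = detect(filter_and_condense(packets))
    report = [f"{e.src}->{e.dst}:{e.dport} {','.join(h)}" for e, h in alerts]
    deny = {e.src for e, _ in alerts}            # response: tighten access control
    return report, deny

SAMPLE = [  # constructed packets standing in for the data collector's output
    {"src": "10.0.5.7", "dst": "10.0.0.10", "dport": 22, "payload": "SSH-2.0"},
    {"src": "198.51.100.9", "dst": "10.0.0.10", "dport": 22, "payload": "SSH-2.0"},
    {"src": "198.51.100.20", "dst": "10.0.0.10", "dport": 443, "payload": "GET /../../etc/passwd"},
    {"src": "198.51.100.9", "dst": "10.0.0.99", "dport": 23},
]
```

Calling `run(SAMPLE)` returns the report lines and the set of sources the response step would deny; the SSH connection from outside the internal range is caught only by the policy model, which is the case the abstract says access control was introduced to cover.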
