Misuse intrusion detecting apparatus and method in misuse intrusion detecting system

Abstract

1. Technical field of the invention
The present invention relates to a misuse intrusion detection apparatus and method in a misuse intrusion detection system.

2. Technical problem to be solved by the invention
The present invention provides a misuse intrusion detection apparatus and method which, when the pattern currently being processed in the misuse intrusion detection system belongs to an intrusion scenario, recognize and track which part of the intrusion scenario that pattern is, and a computer-readable recording medium that records the data for realizing the method.

3. Summary of the solution of the invention
The present invention includes: intrusion determination means for receiving audit data or a packet from the outside and determining whether an intrusion has been made, using the pattern progress record file recorded in the pattern progress recording means; misuse intrusion pattern storage means which, in accordance with the pattern progress record file determined by the intrusion determination means, composes each pattern of a misuse intrusion scenario as one record and stores, according to the order and the total number of patterns of each scenario, a current index value (current_index) and a total index value (total_index); and pattern progress recording means for managing a separate pattern progress record file for each intrusion scenario, in order to check which intrusion scenario the current pattern is a predetermined pattern of and to record the progress of each pattern.

4. Important uses of the invention
The present invention is used for misuse intrusion detection systems and the like.
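One reading of the mechanism the abstract describes, as an added example that is not code from the patent: each pattern is a record carrying current_index and total_index, and progress is tracked separately per scenario. The in-memory dictionary standing in for the per-scenario pattern progress record files, the substring matcher, the scenario names, the strict in-order advance with reset on completion, and the sample audit records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PatternRecord:
    scenario: str       # intrusion scenario the pattern belongs to
    match: str          # substring matcher (assumption; the abstract names none)
    current_index: int  # 1-based position of this pattern in its scenario
    total_index: int    # total number of patterns in the scenario

# Constructed pattern store: one record per pattern of each scenario.
PATTERN_STORE = [
    PatternRecord("login-then-shadow-read", "LOGIN_FAIL", 1, 3),
    PatternRecord("login-then-shadow-read", "LOGIN_OK", 2, 3),
    PatternRecord("login-then-shadow-read", "SHADOW_READ", 3, 3),
    PatternRecord("scan-then-probe", "PORT_SCAN", 1, 2),
    PatternRecord("scan-then-probe", "SERVICE_PROBE", 2, 2),
]

class ProgressTracker:
    def __init__(self, store):
        self.store = store
        self.progress = {}  # scenario -> last matched current_index

    def process(self, event):
        """Advance matching scenarios; return the scenarios this event completes."""
        before = dict(self.progress)  # snapshot: one event advances a scenario once
        alerts = []
        for rec in self.store:
            if rec.match not in event:
                continue
            if rec.current_index != before.get(rec.scenario, 0) + 1:
                continue  # out-of-order pattern: not the next expected step
            if rec.current_index == rec.total_index:
                alerts.append(rec.scenario)      # whole scenario observed
                self.progress[rec.scenario] = 0  # start tracking afresh
            else:
                self.progress[rec.scenario] = rec.current_index
        return alerts

# Constructed audit records (documentation-range addresses).
EVENTS = [
    "sshd LOGIN_FAIL user=root src=192.0.2.10",
    "auditd SHADOW_READ pid=411",  # step 3 before step 2: ignored
    "sshd LOGIN_OK user=root src=192.0.2.10",
    "ids PORT_SCAN src=198.51.100.7",
    "auditd SHADOW_READ pid=412",
]

def replay(events):
    tracker = ProgressTracker(PATTERN_STORE)
    return [tracker.process(e) for e in events], tracker.progress
```

Replaying EVENTS raises an alert only on the last record, and the leftover progress entry shows the second scenario stopped at step 1 of 2.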