METHOD AND DEVICE FOR DETECTING ATTACK ON NETWORK HOSTS USING NETWORK ATTACK INTENSITY CALCULATION METHOD BASED ON COMPUTING RESOURCE CAPACITY

摘要

A network host attack detection method using a network attack strength measurement technique based on a computing resource capacity is disclosed. That is, (a) the endpoint threat analysis system, according to a predetermined time schedule, (i) the first to the Nth hosts-N is an integer greater than or equal to 1-the first to M1 endpoint switches connected to at least some of the -M1 Is an integer of 1 or more and N or less-A process of acquiring 1_1 to N_1 row resource data corresponding to the first to Nth hosts through a predetermined network sensor operating in conjunction with and (ii) each Through the first to M2th endpoint agents corresponding to the first to Nth hosts-M2 is an integer of 1 or more and N or less -, the 1_2 to N_2th row resources corresponding to each of the first to Nth hosts Performing a process of obtaining data; (b) The endpoint threat analysis system includes: (i) first to Nth energies corresponding to the first to Nth hosts with reference to the planned throughput modeling formula and the 1_1 to N_1 raw resource data A process for generating animation data and (ii) first to Nth reference resource data corresponding to the first to Nth hosts with reference to the planned capacity modeling formula and the 1_2 to N_2 row resource data Performing a process to generate a; And (c) the endpoint threat analysis system, with reference to the first to Nth energy estimation data and the first to Nth reference resource data, first to Nth hosts corresponding to the first to Nth hosts. Disclosed is a method comprising the step of generating an Nth opponent attack threat.