ETRI-Knowledge Sharing Platform


Registered: Network Attack Detection Apparatus and Method
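Inventors
김익균, 최양서, 김대원, 오진태, 장종수
Application number
11926132 (2007.10.29)
Publication number
20080134334 (2008.06.05)
Registration number
8095973 (2012.01.10)
Country of application
United States
Contract project
06MK2400, Development of real-time attack signature generation and management technology for responding to zero-day attacks among network threats, 장종수
Abstract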
There are provided a network attack detection apparatus and method capable of determining even an unknown network attack. The apparatus is connected between two networks, or connected by port mirroring of an Ethernet switch, to monitor in real time all packets flowing through the networks. The apparatus decodes the payload portion of an inputted network packet into machine code instructions, determines whether executable code is included in the decoded machine code by analyzing the relationship between instructions, and, when executable code is included, determines whether the packet is harmful based on statistics with respect to the possibility that executable code exists in a service and in a certain transaction of that service.