-
公开(公告)号:KR1020030069241A
公开(公告)日:2003-08-27
申请号:KR1020020008663
申请日:2002-02-19
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A device and method for chasing the root of an invader is provided to execute a reverse chase of the root of an invader sequentially without changing components of a network through all networks including the Internet. CONSTITUTION: A detection module(7) detects an invasion and analyzes an invasion-detected system. A reverse chase agent(2) obtains an IP address of a previous system based on traces created in the system caused by an invasion. A server(4) receives an IP address of the system analyzed from the detection module(7) and the reverse chase agent(2), and monitors/manages a chase state of the reverse chase agent(2). An agent installation module(5) installs the reverse chase agent(2) in the system of the IP address being supplied from the server(4). An analysis module(3) communicates the reverse chase agent(2) with the server(4) safely and analyzes the system based on the obtained IP address. A data managing module(6) stores a series of chase and analysis processes being supplied from the server(4) and supplies data necessary for a searching process to the server(4).
Abstract translation: 目的:提供用于追逐入侵者根的设备和方法,以顺序地执行侵入者的根的反向追逐,而不需要通过包括因特网在内的所有网络改变网络的组件。 构成:检测模块(7)检测入侵并分析入侵检测系统。 反向追踪代理(2)基于由入侵引起的在系统中创建的跟踪获得先前系统的IP地址。 服务器(4)从检测模块(7)和反向追踪代理(2)接收分析的系统的IP地址,并监视/管理反向追踪代理(2)的追逐状态。 代理安装模块(5)将逆向追踪代理(2)安装在从服务器(4)提供的IP地址的系统中。 分析模块(3)安全地将反向追踪代理(2)与服务器(4)进行通信,并根据获得的IP地址对系统进行分析。 数据管理模块(6)存储从服务器(4)提供的一系列追逐和分析过程,并向服务器(4)提供搜索过程所需的数据。
Search Results
1
records
(took 0.017 seconds)
