Abstract:
An apparatus for analyzing and coping with an intrusion situation and a method for expressing attack detection alarms as an N-dimensional correlation graph are provided to enable a manager to intuitively recognize and cope with an intrusion situation by expressing an attack situation, its stages, and correlated attacks as a two or three-dimensional graph. An apparatus for analyzing and coping with an intrusion situation comprises the first analysis part(107) and the second analysis part(109). The first analysis part collects attack detection alarms from network alarm devices, classifies them, and expresses results as a three-dimensional graph. The second analysis part receives the results, executes vector conversion to project the three-dimensional graph onto a two-dimensional graph, and analyzes the correlations of attacks. The first analysis part comprises an attack detection alarm collection part, a classification part, and an N-dimensional express analysis part. The attack detection alarm collection part collects attack detection alarms. The classification part classifies the collected attack detection alarms according to attack stages and attack situations. The N-dimensional express analysis part outputs each classified attack stage as a three-dimensional graph.
Abstract:
PURPOSE: A Ladon-SGS(Security Gateway System), its security policy setting method and a harmful traffic detection alarm generating method are provided to control an illegal intrusion or a harmful traffic by analyzing a large scale network traffic and packet information. CONSTITUTION: A communication processor(21) sets connection with a security policy server and a Ladon-SGS and transfers and receives information according to security policy. A system controller(22) performs operations related to initialization of the Ladon-SGS and controls an overall system. A security policy processor(23) converts the security policy transferred from a security policy server into a form applicable to the Ladon-SGS. An intrusion detection analyzer(24) analyzes an intrusion as occurred through a network and transfers an analysis result to an intrusion detection alarm processor. An intrusion detection alarm processor(25) analyzes an intrusion alarm importance according to a pre-set security policy on the basis of information related to the intrusion type analyzed by the intrusion detection analyzer(24), compares the importance with a reference value, and determines whether to cope with it by a system or transfer it to the security policy server. A security policy storing unit(26) stores the security policy which has been converted by the security policy processor(23), the intrusion detection and corresponding results of the detected intrusion. A firewall processor(27) cuts off an illegal intrusion defined by a firewall policy and a harmful traffic.
Abstract:
PURPOSE: A method for separation and merge mesh is provided to enable the computer to converge two different lists of data into one organized list after executing operation using separation method CONSTITUTION: A method for separation and merge mesh comprises division, arrangement, merge, and rearrangement of data. In the first step, govern data is separated into two different lists. The divided data is then organized into row I and row J in the second step. Data in I and J row are then merged to form a new single row in the third step. In the last step, the merged data is reorganized and it forms a new row of data, which is saved under a new name.