Abstract:
PURPOSE: An apparatus and a method for detecting intrusion and a network security system and a method thereof are provided to set a trap port by enabling a honey pot to receive a port number opened to allow attack of a hacker, thereby preventing waste of computing resources and over network traffics due to a process which manages the trap port. CONSTITUTION: An apparatus for detecting intrusion includes a trap port setting unit and an intrusion detecting unit. A trap port setting unit(110) is connected to a network among ports that a client terminal device doesn't use. At least one port corresponding to a port number allowing attack provided from a network security system including information of a honey pot system is selected to set a trap port. The intrusion detecting unit(150) transmits a packet flown into the trap port to the honey pot system.