公开(公告)号：KR1020090106197A

公开(公告)日：2009-10-08

申请号：KR1020080031757

申请日：2008-04-04

Applicant: 숭실대학교산학협력단

Inventor： 김명호 ,  김익수

IPC: H04W12/08 ,  G06F21/12 ,  H04L9/00

CPC classification number: H04W12/08 ,  G06F21/126 ,  H04L9/00

Abstract: PURPOSE: An apparatus and a method for detecting intrusion and a network security system and a method thereof are provided to set a trap port by enabling a honey pot to receive a port number opened to allow attack of a hacker, thereby preventing waste of computing resources and over network traffics due to a process which manages the trap port. CONSTITUTION: An apparatus for detecting intrusion includes a trap port setting unit and an intrusion detecting unit. A trap port setting unit(110) is connected to a network among ports that a client terminal device doesn't use. At least one port corresponding to a port number allowing attack provided from a network security system including information of a honey pot system is selected to set a trap port. The intrusion detecting unit(150) transmits a packet flown into the trap port to the honey pot system.

Abstract translation: 目的：提供一种用于检测入侵和网络安全系统的装置和方法及其方法，用于通过使蜂蜜罐能够接收打开以允许黑客攻击的端口号来设置陷阱端口，从而防止计算资源的浪费 以及由于管理陷阱端口的进程而导致的网络流量。 构成：用于检测入侵的装置包括陷阱端口设置单元和入侵检测单元。 陷阱端口设置单元（110）在客户终端设备不使用的端口中连接到网络。 选择对应于允许从包括蜂窝系统的信息的网络安全系统提供的攻击的端口号的至少一个端口来设置陷阱端口。 入侵检测单元（150）将传送到陷阱端口的分组传送到蜂窝系统。