-
Publication number: KR101156005B1
Publication date: 2012-06-18
Application number: KR1020090125192
Application date: 2009-12-16
Applicant: 한전케이디엔주식회사
Abstract: PURPOSE: A network attack detection and analysis system is provided to detect new malicious cyber attacks that are hard to handle with signature-based techniques, by analyzing the correlation of traffic properties through real-time and after-the-fact monitoring of internal and external traffic. CONSTITUTION: A firewall (110) determines whether to block traffic entering a private network from outside and traffic leaving the private network. A virtual honeypot (120) includes a virtual machine (VM) and collects network attack data. The VM emulates the operation of an OS. A honeypot manager (130) controls the installation, operation, and configuration changes of the VM, and monitors the operation of the virtual honeypot. A packet collector (140) collects packet data entering or leaving the virtual honeypot.
-
Publication number: KR1020110068308A
Publication date: 2011-06-22
Application number: KR1020090125192
Application date: 2009-12-16
Applicant: 한전케이디엔주식회사
CPC classification number: H04L63/0227, G06F21/566, H04L63/1425, H04L63/1458, H04L63/1491
Abstract: PURPOSE: A network attack detection and analysis system is provided to detect new malicious cyber attacks that are hard to handle with signature-based techniques, by analyzing the correlation of traffic properties through real-time and after-the-fact monitoring of internal and external traffic. CONSTITUTION: A firewall (110) determines whether to block traffic entering a private network from outside and traffic leaving the private network. A virtual honeypot (120) includes a virtual machine (VM) and collects network attack data. The VM emulates the operation of an OS. A honeypot manager (130) controls the installation, operation, and configuration changes of the VM, and monitors the operation of the virtual honeypot. A packet collector (140) collects packet data entering or leaving the virtual honeypot.
-