公开(公告)号：US20130318609A1

公开(公告)日：2013-11-28

申请号：US13902069

申请日：2013-05-24

Applicant: Electronics and Telecommunications Research Institute

Inventor： Ki Young KIM ,  Sungwon YI ,  Sun Hee LIM ,  Jonghyun KIM ,  Dae-Hee SEO ,  BYUNG-GIL LEE

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L63/1425

Abstract: An apparatus for quantifying network threat situations includes a traffic analyzing unit to analyze packet patterns of traffics occurring on a target network being monitored to extract one or more suspicious domains. An IP monitoring unit gives security levels among a plurality of security levels to the suspicious domains according to the number of access IPs accessing the suspicious domains. An activity index computing unit computes activity indices for the suspicious domains from activity indices according to the access times to the suspicious domains of the access IPs. An attack amount anticipation unit analogizes an expected amount of attacks for each suspicious domain according to an expected amount of attacks for each zombie computer, the security level and the activity index of the suspicious domain.

Abstract translation: 用于量化网络威胁情况的装置包括业务分析单元，用于分析在被监视的目标网络上发生的流量的分组模式，以提取一个或多个可疑域。 IP监控单元根据访问可疑域的访问IP的数量，向可疑域提供多个安全级别之间的安全级别。 活动索引计算单元根据访问IP的可疑域的访问时间，从活动索引计算可疑域的活动索引。 攻击量预期单元根据每个僵尸计算机的预期攻击次数，可疑域的安全级别和活动索引类似于每个可疑域的预期攻击次数。