Real-time network attack pattern detection system for unknown network attack and method thereof

Assignee

• KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY · KR

Inventors

• Jintae Oh · Daejeon, KR
• Seung Won SHIN · Daejeon, KR
• Ki Young Kim · Seongnam-si, KR
• Jong Soo Jang · Jicheon-myeon, KR
• Sung Won Sohn · Daejeon, KR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1408
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.