Apparatus and method for sampling security events based on contents of the security events

Assignee

• KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY · KR

Inventors

• Chi Yoon Jeong · Daejeon, KR
• Beom Hwan Chang · Daejeon, KR
• Seon Gyoung Sohn · Daejeon, KR
• Geon Lyang Kim · Daejeon, KR
• Jong Hyun Kim · Daegu, KR
• Jong Ho Ryu · Cheonan-si, KR
• Jung Chan Na · Daejeon, KR
• Jong Soo Jang · Jicheon-myeon, KR
• Sung Won Sohn · Daejeon, KR

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06Q10/06
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.