The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: May 11, 2010
Filed: Apr. 15, 2008
Eun Young Lee, Daejeon, KR;
Seung Hyun Paek, Daejeon, KR;
In Sung Park, Daejeon, KR;
Joo Beom Yun, Daejeon, KR;
Ki Wook Sohn, Daejeon, KR;
Electronics and Telecommunications Research Institute, Daejeon, KR;
Abstract
An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus for detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
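
An added illustration of the abstract's contrast between entropy and traffic-volume statistics, not code from the patent. The feature fields (source address, destination address, destination port), the fixed one-bit threshold standing in for the per-attack graph models, and the sample windows are all assumptions constructed here.

```python
import math
from collections import Counter

FIELDS = ("src", "dst", "dport")  # assumed features; the abstract names none

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def window_entropy(flows):
    """Per-field entropy for one time window of (src, dst, dport) flows."""
    return {f: entropy([flow[i] for flow in flows]) for i, f in enumerate(FIELDS)}

def detect(baseline, window, threshold=1.0):
    """Fields whose entropy moved more than `threshold` bits from baseline.
    The fixed threshold is an assumption standing in for the abstract's
    per-attack graph model, which the page does not describe."""
    base, cur = window_entropy(baseline), window_entropy(window)
    return {f: round(cur[f] - base[f], 2) for f in FIELDS
            if abs(cur[f] - base[f]) > threshold}

def volume_alarm(baseline, window, factor=2.0):
    """Naive volume statistic for comparison: alarm on a traffic surge."""
    return len(window) > factor * len(baseline)

def normal_window(scale=1):
    """Constructed sample traffic (documentation addresses, not real data)."""
    clients = [f"192.0.2.{i}" for i in range(1, 17)]
    servers = [("198.51.100.10", 443), ("198.51.100.11", 80),
               ("198.51.100.12", 53), ("198.51.100.13", 25)]
    return [(c, s, p) for c in clients for (s, p) in servers] * scale

BASELINE = normal_window()         # 64 flows
BUSY = normal_window(scale=3)      # 192 flows, same mix of hosts and ports
# Constructed: same volume as baseline, one source, one host, 64 distinct ports.
SCAN_LIKE = [("192.0.2.99", "198.51.100.10", p) for p in range(1, 65)]

if __name__ == "__main__":
    for name, w in (("busy", BUSY), ("scan-like", SCAN_LIKE)):
        print(name, "volume alarm:", volume_alarm(BASELINE, w),
              "entropy shift:", detect(BASELINE, w))
```

The busy window triples the flow count without changing any distribution, so only the volume statistic alarms; the scan-like window has baseline volume but shifts all three entropies, so only the entropy check alarms.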