1. Technical Field
The present invention generally relates to technology for verifying network traffic detection rules used in a network security system and, more particularly, to technology for verifying the detection rules that such a system uses to detect network traffic by matching a signature contained in each rule.
2. Description of the Related Art
Companies that provide various types of services over the Internet have introduced and operated various types of network security equipment so as to protect service networks from internally and externally originating malicious traffic. Network security equipment such as intrusion detection systems, intrusion prevention systems, and integrated security equipment chiefly uses signature-based pattern matching detection rules to determine whether traffic is malicious.
Network traffic detection rules can be generated and verified only by someone with professional knowledge of networks, security, and an operating system (OS). Further, the performance and reliability of network security equipment depend directly on the generation and verification of network traffic detection rules, and thus it is very important both to generate network traffic detection rules and to verify the generated detection rules.
When incorrect network traffic detection rules are generated, network security equipment must perform unnecessary operations, and thus the performance of the network security equipment deteriorates.
Further, incorrect network traffic detection rules entail a high risk of false positives, thus decreasing the reliability of network security equipment and potentially incapacitating the network in which the network security equipment is installed.
Therefore, the verification of network traffic detection rules is very important to network security. Further, at present, detection rules are generated by a security expert or a network expert who personally collects and analyzes malicious traffic and generates and verifies each detection rule individually. However, this approach is limited in that very few experts can verify detection rules and in that verifying them takes a great deal of time.
Therefore, there is an urgent need to develop technology for verifying network traffic detection rules which allows even semi-skilled workers to rapidly and accurately verify the detection rules.
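As an added illustration of the verification problem described above (example code, not part of the patent text), the following harness runs a set of simplified signature rules against a labelled traffic corpus and flags the two failure modes the description names: rules that fire on benign traffic (false positives) and rules that never match known-malicious traffic (unnecessary matching work). The rule format, the sample requests and the rule identifiers are all constructed for this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Simplified signature rule (hypothetical format, not the patent's)."""
    sid: int
    signature: bytes              # byte pattern that must occur in the payload
    nocase: bool = False          # match the signature case-insensitively

@dataclass(frozen=True)
class Sample:
    payload: bytes
    malicious: bool               # ground-truth label supplied by the analyst

def rule_matches(rule: Rule, payload: bytes) -> bool:
    flags = re.IGNORECASE if rule.nocase else 0
    return re.search(re.escape(rule.signature), payload, flags) is not None

def verify_rule(rule: Rule, corpus: list[Sample]) -> dict:
    """Count hits per label and flag the failure modes the text names."""
    tp = fp = fn = 0
    for s in corpus:
        hit = rule_matches(rule, s.payload)
        tp += int(hit and s.malicious)
        fp += int(hit and not s.malicious)
        fn += int(not hit and s.malicious)
    problems = []
    if fp:
        problems.append("fires on benign traffic (false positive)")
    if tp == 0:
        problems.append("never matches known-malicious traffic (dead rule)")
    if len(rule.signature) < 4:
        problems.append("signature too short to be selective")
    return {"sid": rule.sid, "tp": tp, "fp": fp, "fn": fn, "problems": problems}

def verify_rules(rules: list[Rule], corpus: list[Sample]) -> dict[int, dict]:
    return {r.sid: verify_rule(r, corpus) for r in rules}

# Constructed sample traffic (not captured data): two benign requests, one traversal attempt.
CORPUS = [
    Sample(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", malicious=False),
    Sample(b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice", malicious=False),
    Sample(b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n", malicious=True),
]
RULES = [
    Rule(1, b"/etc/passwd"),      # selective: should hit only the traversal request
    Rule(2, b"HTTP/1.1"),         # overly broad: hits every request in the corpus
    Rule(3, b"cmd.exe"),          # dead: nothing in the corpus matches it
]
```

Calling `verify_rules(RULES, CORPUS)` reports rule 2 as a false-positive source and rule 3 as a dead rule, while rule 1 passes cleanly.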