1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to intrusion detection in a terminal device, and more particularly, to intrusion detection in a terminal device that supports a plurality of operating systems.
2. Description of the Related Art
As networking techniques are developed, attacks on terminal devices connected to networks continue to increase. Thus, a method of intrusion detection has been developed to protect terminal devices from attacks.
Related art systems for detecting intrusion include a network-based intrusion detection system (NIDS) that detects intrusion into a terminal device by analyzing network traffic in the network equipment, such as a router, and a host-based intrusion detection system (HIDS) that detects intrusion in a terminal device by analyzing traffic in the terminal device itself.
FIG. 1 is a block diagram for explaining a method of intrusion detection in a related art HIDS.
Referring to FIG. 1, an operating system 120 installed on a related art terminal device 110 includes an intrusion detecting apparatus 122. A terminal device can include devices that can be connected to a network such as personal computers (PCs), notebooks, personal digital assistants (PDAs), and mobile phones for example.
The intrusion detecting apparatus 122 includes a data collecting unit 122a, a data analyzing unit 122b, and a result notifying unit 122c. The intrusion detecting apparatus 122 may be implemented by a software-oriented module.
The data collecting unit 122a periodically collects intrusion detection data in order to analyze whether there is an intrusion in the operating system 120 or not.
The intrusion detection data includes access records for applications and data which can be used by the operating system 120. For example, if a third party accesses user data in the operating system 120 of a terminal device, records of when and how the data is used are created, and the intrusion detection data includes these records.
The data analyzing unit 122b determines whether there is an intrusion by analyzing the collected intrusion detection data.
If the data analyzing unit 122b determines that there is an intrusion, the result notifying unit 122c notifies the user that there is an intrusion.
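The collect, analyze and notify flow of units 122a to 122c can be sketched as follows. This is an added example, not code from the patent; the record fields, the sample log, the ALLOWED policy and the 60-second period are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRecord:
    time: int       # when the access happened (seconds, constructed)
    subject: str    # who accessed the resource
    resource: str   # application or data that was accessed
    action: str     # how it was used

# Constructed sample access records (not real log data).
ACCESS_LOG = [
    AccessRecord(10, "owner", "/data/contacts.db", "read"),
    AccessRecord(25, "owner", "/data/photos", "write"),
    AccessRecord(70, "remote-session", "/data/contacts.db", "read"),
    AccessRecord(95, "remote-session", "/data/contacts.db", "copy"),
    AccessRecord(130, "owner", "/data/contacts.db", "read"),
]

# Hypothetical policy: subjects expected to use each resource.
ALLOWED = {"/data/contacts.db": {"owner"}, "/data/photos": {"owner"}}

class DataCollectingUnit:
    """Each call returns the records created since the previous collection."""
    def __init__(self, log):
        self.log, self.last_time = log, -1
    def collect(self, now):
        batch = [r for r in self.log if self.last_time < r.time <= now]
        self.last_time = now
        return batch

class DataAnalyzingUnit:
    """Flags accesses by subjects outside the allowed set (unknown resource: flag)."""
    def analyze(self, records):
        return [r for r in records
                if r.subject not in ALLOWED.get(r.resource, set())]

class ResultNotifyingUnit:
    """Turns each flagged record into a message for the user."""
    def notify(self, intrusions):
        return [f"t={r.time}: {r.subject} {r.action} {r.resource}"
                for r in intrusions]

def run_periods(period=60, end=180):
    """Runs one collect/analyze/notify cycle per period; returns alerts per cycle."""
    collector = DataCollectingUnit(ACCESS_LOG)
    analyzer, notifier = DataAnalyzingUnit(), ResultNotifyingUnit()
    return {now: notifier.notify(analyzer.analyze(collector.collect(now)))
            for now in range(period, end + 1, period)}
```

All three units run in the same process as the log they inspect, mirroring the related art arrangement in which the detector shares one operating system with the data it monitors.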
In the related art HIDS, the intrusion detecting apparatus 122 is driven together with another application in one operating system 120. Thus, if the operating system 120, on which the intrusion detecting apparatus 122 is installed, does not operate properly during an attack, the intrusion detecting apparatus 122 also will not operate properly. Additionally, the method of intrusion detection in a related art NIDS uses a method of analyzing network traffic, and thus, the intrusion on a terminal device cannot be analyzed in detail.