(a) Field of the Invention
The present invention relates to a network correction security system and method, and more particularly, to a network correction security system and method for preventing network attacks and correcting attacks that occur to carry out security performance.
(b) Description of the Related Art
Recently, intrusions to or attacks on networks have been rapidly evolved with the popularization of computers and the Internet. The attacks paralyze the networks to result in a severe economical loss caused by, for instance, suspension of electronic commercial transactions and social chaos due to the interruption of providing Internet service.
Accordingly, an intrusion detection system (IDS), one of security systems, has been proposed in order to cope with attacks from hackers. The intrusion detection system requires an improved structure in terms of software and hardware since the attacks from the hackers become more sophisticated and a network bandwidth is rapidly increasing.
A conventional IDS is classified into a host IDS and a network IDS. The host IDS protects a single terminal system such as a server or a personal computer and a network application using an auditing system or even logs. The network IDS monitors network traffic to detect attacks or intrusions of hackers and blocks the attacks or intrusions. The development of the network IDS is concentrated on signature detection, anomaly detection, and detection of denial of service.
However, a conventional security system such as a Firewall and an intrusion prevention system as well as the host IDS and network IDS requires a considerably long period of time to recover a fault generated in a system and normally operate the system. This is because the conventional security system lacks a technique of continuing services the system has been providing by utilizing restricted resources while the system is having a fault or recovering functions of the system.
Furthermore, the conventional security system needs a technique that dynamically improves the system having a fault in cooperation with an external system to prevent the generation of the fault in advance and prevent the same failure from being repeated.
Therefore, there are required a system and method for correctly detecting the type of a network intrusion, which varies rapidly, to recover the performance of a corresponding system having a fault within a short period of time and preventing the same failure from being repeated in the system.