1. Field of the Invention
The present invention relates generally to an apparatus for displaying network status and, more particularly, to an apparatus for displaying network status which analyzes the validity and illegality of packets flowing in from an external information communication network by analyzing connection information in the headers of the packets, and which enables current network status to be easily determined by detecting traffic patterns that cause abnormal situations in an internal network.
2. Description of the Related Art
Recently, various network-related technologies and applications have been developed. As the network becomes a core part of the networking technology field, agents for controlling and managing the network, which is an aggregate of heterogeneous apparatuses, are required. However, illegal access to such agents can destroy the security of companies. In order to protect companies or other networks from external attacks, many technologies, such as intrusion detection, intrusion blocking, back-tracking and virus protection, are required according to the characteristics of the networks.
However, existing methods of monitoring and controlling abnormal network status either detect such status by examining only a specific element of the collected network traffic information, or examine several elements without considering the relationships between them.
As an example, there is a method of analyzing network traffic status in which abnormal attack status is detected using the ratio of the number of packets flowing into a network to the number of packets flowing out of the network. This method is disadvantageous in that a large amount of packet information is required to determine that the network status indicates a scanning attack.
As another example, there is a method of analyzing network traffic status in which the amount of traffic for each of the source addresses, destination addresses and port numbers of packets is measured. This method is problematic in that an attack type cannot be accurately determined because the relationship between the results of the measurement is not considered.
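The limitation described in the last paragraph can be shown with an added example, which is not part of the original document: two constructed captures have identical per-source, per-destination and per-port packet totals, yet only one contains a single source probing many ports on one host. The function names, the threshold of 10 and the verdict labels are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def per_field_totals(packets):
    """Independent packet counts per source, destination and port (no relationships)."""
    src, dst, port = Counter(), Counter(), Counter()
    for s, d, p in packets:
        src[s] += 1
        dst[d] += 1
        port[p] += 1
    return src, dst, port

def classify_sources(packets, threshold=10):
    """Relate the fields: which destinations and ports did each source touch?"""
    dsts, ports = defaultdict(set), defaultdict(set)
    for s, d, p in packets:
        dsts[s].add(d)
        ports[s].add(p)
    verdicts = {}
    for s in dsts:
        many_dsts = len(dsts[s]) >= threshold    # hypothetical threshold
        many_ports = len(ports[s]) >= threshold
        if many_ports and not many_dsts:
            verdicts[s] = "port scan"            # one host, many ports
        elif many_dsts and not many_ports:
            verdicts[s] = "host sweep"           # many hosts, same port(s)
        elif many_dsts and many_ports:
            verdicts[s] = "network-wide scan"
    return verdicts

# Constructed sample packets (src, dst, dst_port); documentation address ranges.
CLIENTS = [f"198.51.100.{i}" for i in range(1, 21)]
A, V, W = "203.0.113.9", "192.0.2.10", "192.0.2.20"
# Capture 1: A probes ports 1..20 on V; 20 clients each send one packet to W:80.
capture_1 = [(A, V, p) for p in range(1, 21)] + [(c, W, 80) for c in CLIENTS]
# Capture 2: A sends 20 packets to W:80; each client hits one distinct port on V.
capture_2 = [(A, W, 80)] * 20 + [(c, V, p) for p, c in enumerate(CLIENTS, 1)]

if __name__ == "__main__":
    print("same per-field totals:",
          per_field_totals(capture_1) == per_field_totals(capture_2))
    print("capture 1:", classify_sources(capture_1))
    print("capture 2:", classify_sources(capture_2))
```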