1. Field of the Invention
The present invention relates to a device and a method for generating statistical information. More particularly, the present invention relates to a device and a method for generating statistical information for VoIP (Voice over Internet Protocol) traffic analysis and abnormal attacking VoIP detection.
2. Description of the Prior Art
In general, traffic itself is an important property of a network service provider, is a means for monitoring a network state, and is an important factor in the generation of network design data.
On the other hand, with the spread of Internet phones and so on, the necessity of analyzing traffic on a network has been increased, and thus a traffic monitoring technique has also been developed. Such traffic monitoring may be performed to simply grasp the network state and/or may be performed to grasp abnormal traffic, find vulnerability of the network, and take preventive measures against the vulnerability.
As such a traffic monitoring technique, a monitoring technique based on a flow, which is a set of packets between two end points on a network, has been mainly used due to the high-speed network. According to “Netflow” of Cisco Systems, Inc. which is the representative of the flow-based monitoring method, a router measures the flow of packets at a flow level.
Recently, Cisco Systems, Inc. has announced “Netflow V9 (Version 9)” that enables a user to configure a template and to monitor diverse traffic information on the network. However, the existing generator generates the netflow based on 5-tuple information (e.g. a transmitter IP, a receiver IP, a transmitter port, a receiver port, and a protocol), and thus it cannot properly use the Netflow V9.
That is, with the spread of Internet phones and a NAT environment, the current VoIP traffic can be accurately analyzed through the generation of statistical information (e.g. netflow) based on additional information, such as a transmitter URI, a receiver URI, and the like, in addition to the existing 5-tuple information. However, the existing generator does not support this, and thus there is a difficulty in performing a reliable VoIP traffic analysis.