This application claims the priority of Korean Patent Application No. 10-2004-0091573, filed on Nov. 10, 2004, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
The present invention relates to an apparatus and method for detecting and visualizing anomalies in network traffic, and more particularly, to an apparatus and method for detecting anomalies and harmful traffic which are caused directly or indirectly by cyber attacks occurring in a network, or by defects in constructing and operating the network, and which result in deterioration of network performance.
2. Description of the Related Art
In a conventional method for visualizing harmful traffic, the entire network traffic is usually combined and visualized as a whole, so that it is difficult to determine anomalies in the traffic of a particular service. When harmful traffic is presented with respect to a port of a particular transport protocol, a very large amount of data is required, so difficulties arise in the processing speed and in the presentation and analysis of an image. As a result, a manager has to determine personally whether particular traffic is normal or abnormal.
Also, since a presented traffic pattern image is very complicated, an image processing technique is needed to automatically determine whether anomalies exist in the corresponding traffic.