1. Field of the Invention
The present invention relates to a method and system for detecting and responding to harmful traffic in real time in an All-IP convergence network, and more particularly, to a method and system for detecting and responding to harmful traffic that facilitate the implementation of a sinkhole tunnel technique even for harmful traffic of an unknown pattern, such as a distributed attack or a virus, by using the policy routing function of a router together with a policy & resource control entity.
2. Description of the Related Art
In order to detect and prevent a Distributed Denial of Service (DDoS) attack, methods such as pattern-based filtering techniques or queue management techniques are typically used. These methods observe traffic on a network and detect a DDoS attack; however, they are limited in that only known patterns can be detected and prevented.
In order to overcome this limitation, a sinkhole tunneling technique has been proposed in which data is caused to pass through a predetermined tunnel without changing the next hop address of its destination address; required operations such as access control list (ACL) checks, rate-limiting or analysis are performed in the tunnel, and data determined to be normal is then let out of the tunnel so that it can be sent to its original destination. This attack prevention method requires a sinkhole router connected to analysis modules, and needs to generate a tunnel that introduces packets from a router into the sinkhole router.
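The following is an added illustration, not part of the patent text, of the sinkhole-tunnel behaviour described above: policy routing on an edge router diverts traffic for a protected destination into a tunnel, an ACL and a per-source rate limit are applied at the sinkhole side, and packets that pass are released toward the original next hop, which is never rewritten in the routing table. The tunnel is modelled as an in-process inspection function rather than a real encapsulated tunnel, and every address, rate, clock value and packet is a constructed sample value.

```python
"""Added model of a sinkhole tunnel with policy routing (constructed example).

The routing table keeps the original next hop for the protected destination;
diversion into the sinkhole is a separate policy decision, so releasing the
destination from the policy route restores normal forwarding immediately.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    t_ms: int  # arrival time on a constructed millisecond clock


@dataclass
class SinkholeTunnel:
    """Hypothetical analysis point behind the tunnel: an ACL followed by a
    per-source token-bucket rate limit (the two operations named in the text)."""
    blocked_sources: set
    rate_pps: float  # sustained packets per second allowed per source
    burst: int       # token-bucket depth per source
    _tokens: dict = field(default_factory=dict)
    _last_ms: dict = field(default_factory=dict)

    def inspect(self, pkt: Packet) -> str:
        if pkt.src in self.blocked_sources:
            return "drop-acl"
        tokens = self._tokens.get(pkt.src, float(self.burst))
        elapsed = pkt.t_ms - self._last_ms.get(pkt.src, pkt.t_ms)
        tokens = min(float(self.burst), tokens + elapsed * self.rate_pps / 1000.0)
        self._last_ms[pkt.src] = pkt.t_ms
        if tokens < 1.0:
            self._tokens[pkt.src] = tokens
            return "drop-rate"
        self._tokens[pkt.src] = tokens - 1.0
        return "pass"


class PolicyRouter:
    """Edge router: normal next-hop lookup plus an optional policy route that
    steers a destination's traffic through the sinkhole tunnel first."""

    def __init__(self, routes: dict, tunnel: SinkholeTunnel):
        self.routes = dict(routes)   # destination -> next hop, never modified here
        self.tunnel = tunnel
        self.diverted = set()        # destinations currently under policy routing
        self.log = defaultdict(int)

    def divert(self, dst: str) -> None:
        self.diverted.add(dst)

    def release(self, dst: str) -> None:
        self.diverted.discard(dst)

    def forward(self, pkt: Packet):
        """Return the next hop the packet is sent to, or None if dropped."""
        next_hop = self.routes[pkt.dst]          # ordinary lookup, unchanged
        if pkt.dst not in self.diverted:
            self.log["direct"] += 1
            return next_hop
        verdict = self.tunnel.inspect(pkt)       # travel through the tunnel
        self.log[verdict] += 1
        return next_hop if verdict == "pass" else None  # let out toward original destination


def run_scenario():
    """Constructed traffic mix: a well-behaved client, a flooding source and an
    ACL-blocked source, all aimed at one protected destination."""
    protected, legit, flooder, banned = "198.51.100.10", "192.0.2.1", "192.0.2.66", "203.0.113.9"
    tunnel = SinkholeTunnel(blocked_sources={banned}, rate_pps=25.0, burst=4)
    router = PolicyRouter({protected: "10.0.0.2"}, tunnel)

    # Before any diversion: traffic takes the normal path.
    for t in (0, 100, 200):
        router.forward(Packet(legit, protected, t))

    router.divert(protected)  # policy route switched on when an anomaly is suspected
    for i in range(40):       # flood: one packet every 10 ms (100 pps, limit is 25 pps)
        router.forward(Packet(flooder, protected, 1000 + 10 * i))
    for t in (2000, 2200, 2400, 2600, 2800):  # legitimate client at 5 pps
        router.forward(Packet(legit, protected, t))
    for t in (3000, 3010, 3020):              # source denied outright by the ACL
        router.forward(Packet(banned, protected, t))

    return dict(router.log), router.routes[protected]


if __name__ == "__main__":
    print(run_scenario())
```

The flooder's first four packets drain its token bucket and then only every fourth packet is admitted, while the slower legitimate client is never throttled; in both cases the packets that leave the tunnel are handed to the same next hop the routing table held before diversion.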
However, none of the sinkhole tunneling techniques of the related art defines a method of detecting and responding in real time to harmful traffic of unknown patterns without using a separate sinkhole router.