1. Field of the Invention
The present invention relates to an apparatus and method of displaying a network security situation, and more particularly, to an apparatus and method of displaying a security event of a network.
2. Discussion of Related Art
Security visualization related to network communication is a procedure of representing a log record, an attack detection event, etc., by visual means. Generally, a security situation can be analyzed more effectively by displaying information as graphics using diagrams or pictures rather than as text. Accordingly, security visualization is used to support monitoring of security events and traffic, management of a security apparatus, security control, etc.
Traffic data generated in a conventional network apparatus and warning messages generated in a security apparatus are text-type security events. Since it takes a long time to analyze so many text-type messages, it is difficult to recognize an important attack event within a short time.
To solve the problem, various technologies for monitoring the security situation of a network have been proposed, and recently, network traffic visualization technology with which a manager can actually recognize network attack situation information through combination with event visualization technology is being proposed.
Network security event visualization technology is technology with which a manager intuitively recognizes the network security situation, such as detection of a network attack, pattern analysis of unknown attacks, detection of an abnormal network status, etc., by visualizing a vast amount of events in real time. Using this technology, a large amount of security-related information can be easily and accurately conveyed to a network manager. Further, unknown attacks and zero-day attacks can be recognized.
Technology titled “a three-dimensional security situation display apparatus and method of representing a security event using a protocol cube and an internet protocol (IP) address map” is disclosed in Korea Patent Publication No. 10-2008-0050919. The protocol cube represents various protocols and port information, and the IP address map represents the source and destination IP addresses. The disclosed security situation display apparatus and method are effective for recognizing the security situation of the entire network quickly and intuitively by monitoring the entire IP address space.
However, with network traffic visualization technology that targets the entire network, it is difficult to recognize events intuitively when the technology is applied to a single domain or multiple domains, since the traffic data is displayed concentrated on only a portion of the IP address space.