1. Field of the Invention
The present invention relates to an apparatus and method for forecasting the security threat level of a network and, more particularly, to an apparatus and method for forecasting the security threat level of a network, wherein traffic data of a managed network and data on external malicious codes are collected and the security threat level of the managed network is forecast based on the collected data, much like a weather forecast.
2. Discussion of Related Art
In recent years, with the rapid growth of information and communication technologies (e.g., the Internet), cyber threats such as computer hacking, viruses, worms, and Trojan horses have increased. Techniques against cyber threats exist, for example, an intrusion detection system (IDS), an intrusion prevention system (IPS), a network control system, and enterprise security management (ESM), but these defenses only detect present attacks or provide data on the present state of a network. Since data on the present state of the network is already old data, it is difficult for a manager or a user to prevent an incident in advance or to cope with it effectively. Also, data on cyber threats contains only forecast situations, just like a special weather report, instead of what computer users are actually anxious to know, such as a network speed or an attack threat level of a network.
Therefore, it is necessary to forecast, for computer and network users, data on the security threat levels of malicious codes (worms and viruses), a network speed (or network traffic), the origins of intrusion errors, the frequency of intrusion detection events, and the probability of network attacks, so that the users can guard against cyber attacks and take proper measures. However, although there are techniques such as an IDS, an IPS, a network control system, an ESM, and a cyber-attack early warning system, a technique for forecasting cyber attacks has not yet been developed.