Apparatus of Content-Based Sampling for Security Events and Method Thereof

The present invention relates to an apparatus and method for efficiently sampling security events, based on the contents of the security events, when collecting and analyzing security events received from network devices on a network. The apparatus comprises: a security event accumulation module that collects the security events generated by the network devices and stores them by type according to the contents of the security events; a security event analysis module that analyzes the stored security events and calculates the distribution of security events for each type; and a security event extraction module that samples the stored security events according to the calculated per-type distribution. The invention can thereby increase the speed and accuracy of security event visualization and analysis.

Keywords: security event, sampling rate, port, correlation analysis
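As an added illustration of the accumulate, analyze and extract steps described above (not code from the patent), the following is a proportional stratified sampler. The (protocol, destination port) type key, the event fields, and the one-event minimum per type are assumptions of this example.

```python
import random
from collections import defaultdict

# Constructed input: 1000 events, heavily skewed toward two ports.
COUNTS = {("tcp", 22): 600, ("tcp", 443): 300, ("udp", 53): 97, ("tcp", 3389): 3}
EVENTS = [{"proto": p, "dst_port": port, "seq": i}
          for (p, port), n in COUNTS.items() for i in range(n)]


def accumulate(events):
    """Accumulation: store events in per-type buckets keyed on their contents."""
    buckets = defaultdict(list)
    for ev in events:
        # Assumed type key (protocol, destination port); the page does not define it.
        buckets[(ev["proto"], ev["dst_port"])].append(ev)
    return buckets


def analyze(buckets):
    """Analysis: distribution of stored events, as a count per type."""
    return {t: len(b) for t, b in buckets.items()}


def allocate(dist, sample_size):
    """Split sample_size across types in proportion to dist (largest-remainder
    rounding), then raise empty quotas to 1 so rare types stay visible.
    The floor of 1 is a choice made for this example; it can push the total
    slightly above sample_size."""
    total = sum(dist.values())
    if total == 0:
        return {}
    sample_size = max(0, min(sample_size, total))
    parts = {t: divmod(sample_size * n, total) for t, n in dist.items()}
    quota = {t: q for t, (q, _) in parts.items()}
    leftover = sample_size - sum(quota.values())
    for t in sorted(parts, key=lambda t: parts[t][1], reverse=True)[:leftover]:
        quota[t] += 1
    return {t: max(1, q) for t, q in quota.items()}


def extract(events, sample_size, seed=0):
    """Extraction: draw each type's quota at random from its bucket."""
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    buckets = accumulate(events)
    quota = allocate(analyze(buckets), sample_size)
    return [ev for t, b in buckets.items() for ev in rng.sample(b, quota[t])]


if __name__ == "__main__":
    print(analyze(accumulate(extract(EVENTS, 100))))
```

With purely proportional rounding the three tcp/3389 events would receive a quota of zero and disappear from a 100-event sample; the minimum of one keeps that low-volume type available for later correlation.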