Log-based traceback system and method using the centroid decomposition technique

A system and method for tracing back to an attacker using the centroid decomposition technique, according to an embodiment of the present invention, comprises: a log information input module that collects the log information (log data) of intrusion alarms from an intrusion detection system; a centroid node detection module that applies a shortest path algorithm to the network's router connection information, collected from a network management server, to generate a shortest path tree, applies the centroid decomposition technique, which removes the leaf nodes of the shortest path tree to detect the centroid node, and generates a centroid tree in which each detected centroid node is the node of its level; and a traceback processing module that requests log information from the router matching the node at each level of the centroid tree, compares it sequentially, level by level, against the collected intrusion alarm log information, and so traces back to the router connected to the attack source. As a result, the attacker who caused the security breach can be found quickly, the load on the traceback system is reduced, and the attack path toward a host exposed to a threat or vulnerability is easy to understand, which makes response easier.

Keywords: centroid decomposition technique, intrusion detection, log-based, traceback
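The following sketch walks through the three steps of the abstract (shortest path tree, centroid detection by leaf removal, level-by-level log matching); it is an added example, not code from the patent. The function names, the router names and the log layout are hypothetical. It assumes unit-cost links, that each router log records the upstream hop of a flow, and that the attack traffic follows the shortest path tree to the victim-side router. Centroids are computed one level at a time along the followed branch instead of building the whole centroid tree first.

```python
def shortest_path_tree(links, root):
    """BFS over unit-cost router links; returns tree adjacency {router: set}."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    tree, order = {root: set()}, [root]
    for u in order:                      # list grows while iterated: BFS order
        for v in sorted(adj[u]):
            if v not in tree:
                tree[u].add(v)
                tree[v] = {u}
                order.append(v)
    return tree

def component(tree, start, alive):       # routers reachable from start inside alive
    comp, stack = {start}, [start]
    while stack:
        new = tree[stack.pop()] & alive - comp
        comp |= new
        stack.extend(new)
    return comp

def centroid(tree, comp):                # strip leaf routers round by round
    left = set(comp)
    while len(left) > 2:
        left -= {n for n in left if len(tree[n] & left) <= 1}
    return min(left)                     # deterministic pick if two remain

def traceback(tree, victim, flow, logs):
    """Query one centroid per level; logs[r][flow] = r's upstream hop (assumed)."""
    comp, anchor, edge, queried = set(tree), victim, None, []
    while True:
        c = centroid(tree, comp)
        queried.append(c)
        alive = comp - {c}
        upstream = logs.get(c, {}).get(flow)
        if upstream is not None:         # c's log matches the alarm
            edge, anchor = c, upstream
            if upstream not in alive:    # flow entered the network at c
                return edge, queried
        elif c == anchor:                # expected record missing: stop here
            return edge, queried
        comp = component(tree, anchor, alive)

# Constructed sample: router links and per-router logs (flow id -> upstream hop).
LINKS = [p.split("-") for p in "R1-R2 R2-R3 R2-R8 R3-R8 R3-R4 R4-R5 R5-R6 R5-R9 R6-R7".split()]
LOGS = {"R1": {"f1": "R2", "f2": "R2"}, "R2": {"f1": "R3", "f2": "R8"},
        "R3": {"f1": "R4"}, "R4": {"f1": "R5"}, "R5": {"f1": "R6"},
        "R6": {"f1": "R7"}, "R7": {"f1": "host-A"}, "R8": {"f2": "host-B"}}
```

On this sample, flow `f1` is traced to its entry router with four log requests where a hop-by-hop walk from `R1` would need seven.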