Apparatus, method and computer readable recording medium for analyzing a reputation of an internet protocol
PURPOSE: An internet protocol (IP) address reputation analyzing apparatus, a method thereof, and a computer-readable recording medium are provided to maintain reliable IP address reputation information for each IP address in a network, thereby enabling accurate identification of the attacker and the target, and accurate true or false positive determination for an attack, when an event is generated.

CONSTITUTION: A signature analyzing part (220) analyzes a packet to check whether it contains a code corresponding to a specific signature stored in a database in advance. If the signature analyzing part finds such a code, a reputation score calculation part (230) reads the predetermined danger degree and false positive rate information for the matched signature from a signature information database. The reputation score calculation part calculates a reputation score based on the danger degree and false positive rate information read from the database. An analysis result storing part (240) stores the reputation score calculated by the reputation score calculation part in a reputation information database, along with the IP address information of the packet.

[Reference numerals] (210) Packet collecting part; (220) Signature analyzing part; (230) Reputation score calculation part; (240) Analysis result storing part; (250) External reputation information collecting part; (260) Information renewing part; (270) Information request processing unit; (281) Signature information D/B; (282) TMS log information D/B; (283) Reputation information D/B; (AA) 120 or 150; (BB) IP reputation analysis device; (CC) Signature; (DD) Degree of risk; (EE) False Positive
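The flow through parts (220), (230) and (240) can be sketched as follows. This is an added example, not code from the patent: the abstract does not give the scoring formula, so weighting the danger degree by (1 - false positive rate), the 1 to 5 danger scale, the per-source-IP accumulation, and all signature and packet values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: str
    pattern: bytes   # byte sequence searched for in the payload
    danger: int      # danger degree; assumed scale 1 (low) to 5 (high)
    fp_rate: float   # false positive rate, 0.0 to 1.0

# Constructed stand-in for the signature information D/B (281).
SIGNATURE_DB = [
    Signature("SIG-A", b"/etc/passwd", 5, 0.10),
    Signature("SIG-B", b"UNION SELECT", 4, 0.25),
    Signature("SIG-C", b"User-Agent: scanner", 2, 0.50),
]

def analyze_signatures(payload: bytes):
    """Signature analyzing part (220): every stored signature found in the payload."""
    return [s for s in SIGNATURE_DB if s.pattern in payload]

def reputation_score(sig: Signature) -> float:
    """Reputation score calculation part (230).
    Assumed formula: danger degree discounted by the false positive rate."""
    return sig.danger * (1.0 - sig.fp_rate)

def process_packets(packets):
    """Analysis result storing part (240): accumulate scores per source IP
    (keying on the source address is an assumption of this sketch)."""
    reputation_db = defaultdict(lambda: {"score": 0.0, "hits": []})
    for src_ip, dst_ip, payload in packets:
        for sig in analyze_signatures(payload):
            entry = reputation_db[src_ip]
            entry["score"] += reputation_score(sig)
            entry["hits"].append((sig.sig_id, dst_ip))
    return dict(reputation_db)

# Constructed packets: (source IP, destination IP, payload), documentation address ranges.
SAMPLE_PACKETS = [
    ("192.0.2.10", "198.51.100.5", b"GET /../../etc/passwd HTTP/1.1"),
    ("192.0.2.10", "198.51.100.5", b"id=1 UNION SELECT user,pass FROM t"),
    ("203.0.113.7", "198.51.100.5", b"GET / HTTP/1.1\r\nUser-Agent: scanner"),
    ("203.0.113.8", "198.51.100.5", b"GET /index.html HTTP/1.1"),
]

if __name__ == "__main__":
    for ip, entry in sorted(process_packets(SAMPLE_PACKETS).items()):
        print(ip, round(entry["score"], 2), entry["hits"])
```

Under this assumed formula, a hit on a high-danger signature with a high false positive rate contributes less to an address's score than a hit on a lower-danger signature that rarely misfires.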