Method and apparatus for managing security in large network environment

A method and an apparatus for managing security in large network environment are provided to detect an attack pattern of a network by classifying traffic information depending on a flow having the same characteristic, and to recognize attack situation by analyzing the statistical information. An apparatus for managing security is made up of a traffic receiver(110), a traffic classifier(120), a traffic analyzer(130) and an external interface(140). The traffic receiver collects traffic information(Net flow) from all router which are scattered in a large network in real time. The traffic classifier comprises multi hash table having a stratified structure, and stores the traffic information as traffic statistics information by classifying the traffic information into each flow group. The traffic analyzer receives the traffic statistics information, detects flows which show abnormal indication, and recognizes attack situation. The external interface notifies the present security situation to the outside according to the notified attack situation.