The invention relates to a system and method for zero-day attack detection, analysis and response based on a mimicry defense architecture. The method comprises the following steps: performing attack detection and processing on the input, deceiving and luring the attacker through honeypot-type executing bodies, and performing meta-function inspection on the output of each executing body; performing statistical analysis on abnormal output in combination with abnormal information, updating a zero-day attack database, feeding the analysis result back to an intrusion response module, and preventing persistent attacks by the attacker; dynamically adjusting and managing the online executing bodies according to voting conditions, executing body dispatching, the executing bodies with abnormal output and the like, and selecting executing bodies from an executing body resource pool to join the dynamic online executing body set; and analyzing the zero-day vulnerability in the executing body with abnormal output according to the anomaly statistical analysis result, and repairing the related executing bodies in the executing body pool. The invention enhances the functions and flexibility of the mimicry defense architecture, makes full use of the value of abnormal output, and reduces the threat and the defense cost of zero-day attacks.
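
A sketch of the voting and dynamic executing-body replacement steps described above, added here as an illustration and not taken from the patent. The class name `MimicArbiter`, the four `body_*` functions and the file-name check they implement are constructed assumptions; honeypot bodies, meta-function inspection and the zero-day database are not modeled.

```python
import os
from collections import Counter, deque

# Constructed executing bodies: independent implementations of one ".txt only" check.
def body_a(name):
    return name.lower().rpartition(".")[1:] == (".", "txt")
def body_b(name):
    return os.path.splitext(name.lower())[1] == ".txt"
def body_c(name):
    return ".txt" in name.lower()          # stands in for a body with an unknown flaw
def body_d(name):
    return name.lower().endswith(".txt")   # standby body held in the resource pool

class MimicArbiter:
    """Majority-votes over the online set and rotates dissenting bodies out."""
    def __init__(self, online, pool):
        self.online = dict(online)   # name -> callable: dynamic online executing body set
        self.pool = deque(pool)      # (name, callable) pairs: executing body resource pool
        self.anomaly_log = []        # abnormal outputs kept for statistical analysis
        self.quarantined = {}        # bodies taken offline for analysis and repair

    def handle(self, request):
        outputs = {}
        for name, body in self.online.items():
            try:
                outputs[name] = body(request)
            except Exception as exc:             # a crash is also an abnormal output
                outputs[name] = f"<error:{type(exc).__name__}>"
        verdict, votes = Counter(outputs.values()).most_common(1)[0]
        if votes * 2 <= len(outputs):            # no strict majority: fail closed
            self.anomaly_log.append({"request": request, "outputs": outputs, "verdict": None})
            return None
        for name, out in outputs.items():
            if out != verdict:                   # dissenter: record, quarantine, replace
                self.anomaly_log.append({"request": request, "body": name,
                                         "output": out, "verdict": verdict})
                self.quarantined[name] = self.online.pop(name)
                if self.pool:
                    new_name, new_body = self.pool.popleft()
                    self.online[new_name] = new_body
        return verdict

if __name__ == "__main__":
    arb = MimicArbiter({"a": body_a, "b": body_b, "c": body_c}, [("d", body_d)])
    for req in ("notes.txt", "report.txt.exe"):  # constructed sample inputs
        print(req, arb.handle(req), sorted(arb.online))
```

The `anomaly_log` entries are the raw material for the statistical analysis step; the quarantined body is what would be analyzed and repaired before returning to the pool.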