US11956264B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11956264-B2 |
| Application number | US-201916403994-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 6, 2019 |
| Priority date | Nov 23, 2016 |
| Publication date | Apr 9, 2024 |
| Grant date | Apr 9, 2024 |
Official abstract text for this publication.
A validity verification method may include receiving an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule; registering the event to be analyzed; collecting raw data associated with the registered event from a security device corresponding to the registered event among the different security devices; acquiring location information of an intended network location associated with an attack based on the collected raw data; determining a validity status of the registered event based on the acquired location information; generating an exceptional processing message of the registered event; and transmitting the generated exceptional processing message to the SIEM server based on results of the determining the validity status of the registered event.
Opening claim text (preview).
What is claimed is:

1. A validity verification method comprising: receiving, using at least one processor, an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed corresponding to a potential attack, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule used to filter the plurality of events received by the different security devices; registering, using the at least one processor, the event to be analyzed; collecting, using the at least one processor, raw data associated with the registered event from a security device corresponding to the registered event among the different security devices in response to the registration of the event; acquiring, using the at least one processor, location information of an intended network location associated with a network attack based on the collected raw data; simulating, using the at least one processor, a network attack using the acquired location information based on the network attack corresponding to the registered event; determining, using the at least one processor, a validity status of the registered event based on the simulated network attack; generating, using the at least one processor, an exceptional processing message of the registered event based on results of the determining the validity status of the registered event; and transmitting, using the at least one processor, the generated exceptional processing message to the SIEM server.

2. The method of claim 1, wherein in response to the registered event corresponding to the exceptional processing message being redetected and received by the different security devices, the SIEM server is caused to update the correlation rule to automatically process the redetected and received event.

3. The method of claim 1, further comprising: transmitting, using the at least one processor, a validity message of the registered event to the SIEM server indicating the registered event is valid based on the results of the determining the validity status; and receiving, using the at least one processor, from the SIEM server, an alert message generated by the SIEM server in response to the event corresponding to the validity message being redetected and received by the SIEM server by the different security devices.

4. The method of claim 1, wherein the determining the validity status comprises: determining the validity status of the registered event based on a response to the simulated network attack received from a computer system corresponding to the acquired location information.

5. The method of claim 1, wherein the acquired location information comprises a uniform resource identifier (URI) for a webpage of a network; and the determining comprises, receiving a response code for a state of the webpage through a connection to the webpage using the URI, analyzing the received response code, and determining the validity status of the registered event based on results of the analysis of the received response code.

6. The method of claim 1, further comprising: providing, using at least one processor, a user interface for designating a validity status for the registered event.

7. The method of claim 1, wherein the collecting the raw data associated with the registered event further includes: collecting the raw data associated with the registered event from a database included in the security device corresponding to the registered event.

8. A validity verification server, comprising: at least one processor configured to execute computer-readable instructions to, receive an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed corresponding to a potential attack, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule used to filter the plurality of events received by the different security devices; register the event to be analyzed; collect raw data associated with the registered event from a security device corresponding to the registered event among the different security devices in response to the registration of the event; acquire location information of an intended network location associated with a network attack based on the collected raw data; simulating a network attack using the acquired location information based on the network attack corresponding to the registered event; determine a validity status of the registered event based on the simulated network attack; generate an exceptional processing message of the registered event based on results of the determining the validity status of the registered event; and transmit the generated exceptional processing message to the SIEM server.

9. The validity verification server of claim 8, wherein, in response to the event corresponding to the exceptional processing message being redetected and received by different security devices, the SIEM server is caused to update the correlation rule to automatically process the redetected and received event.

10. The validity verification server of claim 8, wherein the at least one processor is further configured to: transmit a validity message of the registered event to the SIEM server indicating the registered event is valid based on the results of the determining the validity status; and receive, from the SIEM server, an alert message generated by the SIEM in response to the event corresponding to the validity message being redetected and received by the SIEM server by the different security devices.

11. The validity verification server of claim 8, wherein, the determining the validity status of the registered event further includes: determining the validity status of the registered event based on a response to the simulated network attack received from a computer system corresponding to the acquired location information.

12. The validity verification server of claim 8, wherein the acquired location information comprises a uniform resource identifier (URI) for a webpage of a network; and the determining the validity status of the registered event includes, receiving a response code for a state of the webpage through a connection to the webpage using the URI, analyzing the received response code, and determine the validity status of the registered event based on results of the analysis of the received response code.

13. The validity verification server of claim 8, wherein the at least one processor is further configured to provide a user interface for designating a validity status for the registered event.

14. The validity verification server of claim 8, wherein the collecting the raw data associated with the registered event further includes: collecting the raw data associated with the registered event from a database included in the security device corresponding to the registered event.

15. A non-transitory computer readable medium storing computer readable instructions which, when executed by at least one processor, cause the at least one processor to perform a method comprising: receiving an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed corresponding to a potential attack, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule used to filter the plurality of events received by the different security devices; regis
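The abstract and claims 1 through 14 describe one pipeline: the SIEM hands over an event its correlation rule selected, the verification server registers it, pulls the raw log from the originating security device, extracts the intended network location (a URI in claims 5 and 12), connects to that location and reads the response code, classifies the event, and returns either an exceptional processing message (which the SIEM uses to auto-process redetections, claims 2 and 9) or a validity message (on which the SIEM alerts, claims 3 and 10). The following is an added example that sketches that flow in Python; it is not code from the patent or its assignee. The raw log format, the `RAW_DATA` dictionary standing in for each device's database, the `fake_fetch` stand-in for the connection to the webpage, the status thresholds, and the message field names are all assumptions made for the example. The "simulated network attack" of the claims is reduced here to exactly what claim 5 spells out: a connection to the logged URI that yields an HTTP status code, with the fetcher injected so the block runs offline.

```python
from dataclasses import dataclass
import re
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class SiemEvent:
    """Event selected by the SIEM's correlation rule (field names assumed)."""
    event_id: str
    device_id: str   # security device that produced the detection
    rule: str        # correlation rule under which the SIEM selected it


# Constructed raw log lines, standing in for each security device's own
# database (claim 7). The key=value format is hypothetical.
RAW_DATA: Dict[str, Dict[str, str]] = {
    "waf-01": {
        "ev-1001": 'src=198.51.100.7 method=GET host=shop.example.test uri="/admin/config.php" sig=webshell-probe',
        "ev-1002": 'src=198.51.100.9 method=POST host=shop.example.test uri="/login" sig=sqli-generic',
    },
    "ids-02": {
        "ev-2001": 'src=203.0.113.4 method=GET host=old.example.test uri="/status" sig=scanner',
    },
}

URI_RE = re.compile(r'host=(?P<host>[^\s]+)\s+uri="(?P<path>[^"]*)"')

# Something that opens a connection to the webpage and returns its status code.
Fetch = Callable[[str], int]


def register_event(registry: Dict[str, SiemEvent], event: SiemEvent) -> SiemEvent:
    """Step 2 of claim 1: record the event before any raw data is collected."""
    registry[event.event_id] = event
    return event


def collect_raw_data(event: SiemEvent) -> Optional[str]:
    """Step 3: fetch the raw log from the device that raised the event."""
    return RAW_DATA.get(event.device_id, {}).get(event.event_id)


def acquire_location(raw: str) -> Optional[str]:
    """Step 4: derive the intended network location (a URI) from the raw log."""
    m = URI_RE.search(raw)
    return f"https://{m['host']}{m['path']}" if m else None


def determine_validity(location: str, fetch: Fetch) -> str:
    """Steps 5-6: connect to the URI and classify the event by response code."""
    try:
        code = fetch(location)
    except OSError:
        return "unknown"          # no connection: hand to an analyst (claim 6)
    if code in (404, 410):
        return "exceptional"      # target does not exist; the detection cannot have hit anything
    if 200 <= code < 500:
        return "valid"            # page exists (2xx/3xx) or is protected (401/403): real exposure
    return "unknown"              # 5xx: state of the page unclear


def verify(event: SiemEvent, fetch: Fetch) -> Dict[str, str]:
    """Steps 7-8: build the message the verification server sends to the SIEM."""
    raw = collect_raw_data(event)
    location = acquire_location(raw) if raw else None
    status = determine_validity(location, fetch) if location else "unknown"
    kind = {"exceptional": "exceptional_processing", "valid": "validity", "unknown": "manual_review"}[status]
    return {"event_id": event.event_id, "rule": event.rule, "location": location or "", "status": status, "message": kind}


class Siem:
    """SIEM side of claims 2, 3, 9 and 10: consume the message, then decide on redetections."""

    def __init__(self) -> None:
        self.exceptions: Set[Tuple[str, str]] = set()   # (rule, location) pairs to auto-process

    def apply(self, msg: Dict[str, str]) -> None:
        if msg["message"] == "exceptional_processing":
            self.exceptions.add((msg["rule"], msg["location"]))

    def on_redetect(self, rule: str, location: str) -> str:
        return "auto_processed" if (rule, location) in self.exceptions else "alert"


def fake_fetch(url: str) -> int:
    """Offline stand-in for the connection to the webpage (constructed responses)."""
    table = {"https://shop.example.test/admin/config.php": 404, "https://shop.example.test/login": 200}
    if url.startswith("https://old.example.test"):
        raise ConnectionError("no route to host")
    return table.get(url, 503)


if __name__ == "__main__":
    registry: Dict[str, SiemEvent] = {}
    siem = Siem()
    for ev in (SiemEvent("ev-1001", "waf-01", "web-probe-rule"),
               SiemEvent("ev-1002", "waf-01", "sqli-rule"),
               SiemEvent("ev-2001", "ids-02", "scanner-rule")):
        msg = verify(register_event(registry, ev), fake_fetch)
        siem.apply(msg)
        print(msg["event_id"], msg["status"], "->", siem.on_redetect(ev.rule, msg["location"]))
```

The classification thresholds are the part a deployment would tune: treating 401/403 as "valid" keeps alerts for protected pages that were probed, while a 404 target is exactly the false-positive class the claims want the SIEM to stop alerting on. Anything the probe cannot resolve is deliberately left as "manual_review" rather than guessed, which is where the analyst interface of claims 6 and 13 fits.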
Vulnerability analysis · CPC title
Event detection, e.g. attack signature detection · CPC title
Network security protocols · CPC title
Traffic logging, e.g. anomaly detection · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title