摘要 |
Provided are a packet- and signature-based intrusion detection device and intrusion detection method, the device comprising: a packet collecting unit for creating a plurality of packet groups by collecting and classifying, in real time, packets which are transferred over a network; a memory unit for storing a plurality of signature subsets into which a plurality of signatures for attack packet detection are classified on the basis of a predetermined criterion, the plurality of signatures being included in a signature set, wherein each of the signature subsets includes one or more signatures that meet the criterion; and a plurality of cores for inspecting the packet groups, wherein each of the cores comprises: a central processing unit for detecting attack packets within the packet groups on the basis of the corresponding signature subsets; and a direct memory access (DMA) for storing the packet groups and load-balancing the packet groups to the plurality of cores. |