THE METHOD AND SYSTEM USING PATTERN MATCHING UNIT FOR DETECTING MALICIOUS TRAFFIC

摘要

PURPOSE: A method and a system using pattern matching unit for detecting malicious traffic are provided to reduce matching time of the signature by performing pattern matching process individually regardless of the number of signature. CONSTITUTION: The packet information is collected(S510). The packet information is analyzed(S520). The packet information and the pre-stored pattern are matched(S550). If the packet information matches with the pattern, the identification code is given to the packet information(S570). The packet information is matched with one or more signatures which are defined in advance(S580). If the packet information matches with the signature, the log of the malicious traffic detection is left(S590,S610). In case the payload size is 0, the packet information matches with non-pattern signature(S540,S560).