TWO-STAGE INTRUSION DETECTION SYSTEM FOR HIGH SPEED PACKET PROCESS USING NETWORK PROCESSOR AND METHOD THEREOF

摘要

PURPOSE: Network processor based two-step intrusion detection device and method for high-speed packet processing are provided to perform intrusion detection using a network processor by classifying a packet into a packet header and a packet payload. CONSTITUTION: A first intrusion detector(201) performs intrusion detection with respect to a protocol field of layer3 and layer4 in the information included in a packet header of a packet transmitted to an intrusion detection device. When the intrusion is not detected, the first intrusion detector classifies the packet according to a flow. The first intrusion detector transmits the classified flow to a second intrusion detector(202). The second intrusion detector performs intrusion detection through DIP(Deep Packet Inspection) with respect to a packet payload of the packet transmitted from the first intrusion detector using a second network processor. [Reference numerals] (201) First intrusion detector; (202) Second intrusion detector; (204) First network processor; (205) Packet header invasion condition; (206) Second network processor; (207) Payloader invasion condition