TWO-STAGE INTRUSION DETECTION SYSTEM FOR HIGH SPEED PACKET PROCESS USING NETWORK PROCESSOR AND METHOD THEREOF
摘要
PURPOSE: Network processor based two-step intrusion detection device and method for high-speed packet processing are provided to perform intrusion detection using a network processor by classifying a packet into a packet header and a packet payload. CONSTITUTION: A first intrusion detector(201) performs intrusion detection with respect to a protocol field of layer3 and layer4 in the information included in a packet header of a packet transmitted to an intrusion detection device. When the intrusion is not detected, the first intrusion detector classifies the packet according to a flow. The first intrusion detector transmits the classified flow to a second intrusion detector(202). The second intrusion detector performs intrusion detection through DIP(Deep Packet Inspection) with respect to a packet payload of the packet transmitted from the first intrusion detector using a second network processor. [Reference numerals] (201) First intrusion detector; (202) Second intrusion detector; (204) First network processor; (205) Packet header invasion condition; (206) Second network processor; (207) Payloader invasion condition
申请公布号
KR20130068631(A)
申请公布日期
2013.06.26
申请号
KR20110135926
申请日期
2011.12.15
申请人
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
发明人
CHOI, YOUNG HAN;KIM, DEOK JIN;LEE, SUNG RYOUL;LEE, MAN HEE;BAE, BYUNG CHUL;PARK, SANG WOO;YOON, E JOONG