INTRUSION DETECTION METHOD AND APPARATUS USING APPLICATION PROTOCOL INFERENCE

摘要

PURPOSE: A network intrusion detection method and apparatus using application protocol inference are provided to prevent the waste of resources and time by creating a protocol model without previous examination for target services. CONSTITUTION: A keyword extracting unit(140) extracts characters as keywords from a packet. A protocol extracting unit extracts a usage case of protocol using the keywords extracted by the keyword extracting unit. A model generating unit(160) creates a protocol model on the basis of stored PTA(Prefix Tree Acceptor). An intrusion detecting unit(170) executes network intrusion detection using the new protocol model.