APPARATUS FOR DETECTING INTRUSION USING PATTERN AND METHOD THEREOF

摘要

An apparatus and a method for detecting an intrusion using a pattern are provided to increase a processing speed by considerably reducing an overload caused as whether a packet is harmful is inspected by every rule whenever a packet is inputted. A rule generating unit(103) classifies intrusion detection rules into rules having a contents inspection part and rules not having the contents inspection part, assigns an index to respective rules, and outputs the same to a device that performs matching, and at the same time, stores them. An extracting unit(101) extracts a payload and an address of a packet, and outputs the same to the device. An inspecting unit(105) inspects a corresponding rule based on the index. The rule generating unit patternizes an IP address part with respect to the rules without the contents inspection part, among the intrusion detection rules.