A HIGH PERFORMANCE INTRUSION PREVENTION SYSTEM OF REDUCING THE NUMBER OF SIGNATURE MATCHING USING SIGNATURE HASHING AND THE METHOD THEREOF

摘要

A high performance intrusion prevention system for reducing the number of signature matching with signature hashing and a method thereof are provided to have a stable pattern matching time of packets even through the number of signatures is increased by reducing the number of signature matching with signature hashing. A rule table(31) stores various attack patterns including a protocol type, a port number, a signature, and a signature starting position in a rule type. A signature hash table(32) stores a hash value of each signature by calculating the hash value with a predetermined data value as many as a part of bytes of the signature in a rule. A rule matching module(33) finds the rule by calculating the hash value of the current packet and searching the corresponding rule from the signature hash table, compares the rules with the current packets, and repeats previous steps while moving a partial pattern by one byte until the attack pattern is found in the current packet or an end part of the current packet is found.