摘要 |
A hardware-based intrusion prevention device, and a system and method thereof are provided to realize an intrusion detection process in SoC(System on Chip) type, thereby remarkably improving a processing speed while magnifying intrusion prevention effect by performing bandwidth management as well as pattern matching. It is detected whether an abnormal session is formed through packets incoming from an external network or an internal network(S301,S303). It is detected whether the packets incoming from the external network refer to harmful traffic(S305). If not, a predetermined preprocessing procedure for pattern matching is carried out with regards to the packets incoming from the external network(S307). The pattern matching is executed to decide whether an intrusion upon the packets which pass through the preprocessing process occurs. Predetermined intrusion prevention measures corresponding to each packet decided as being intruded by the abnormal session detection, harmful traffic detection, or pattern matching are taken(S309,S317).
|