Packet intrusion detection rule simplification apparatus and method, and packet intrusion detection apparatus and method using simplified intrusion detection rule

摘要

A packet intrusion detection rule simplification apparatus and method and an intrusion detection apparatus and method are provided. Test conditions of at least one intrusion detection rules are rearranged based on test items, and the same test conditions for the same test items are grouped. Group rules having a connection structure of the test conditions are generated so that the test items and orders of the intrusion detection rules are satisfied. A common rule consisting of test conditions existing at the test start positions in the connection structure of the group rules is generated. Next, packet intrusion detection is performed by using the common rule, and the packet intrusion detection is performed by using the group rules. According, it is possible to reduce a load involved in the intrusion detection process by using the grouped and simplified intrusion detection rules.