摘要 |
An intrusion detecting method in a network system is provided to perform pattern matching by re-assembling a fragmented packet, currently arriving, with continuous fragmented packets which has previously arrived and stored in a packet buffer, thereby predicting a size of a search buffer necessary for pattern reassembling and according enabling an administrator to easily manage the search buffer. An intrusion detecting method in a network system comprises the following steps of: merging a payload part of a fragmented packet, which currently arrives, with contents stored in a packet buffer and storing the merged contents in a search buffer(220); initializing the packet buffer if the fragmented packet, currently arriving, is the last fragmented pack(250); copying a part, set as a cut-off area, to the packet buffer and updating the contents of the packet buffer if the fragmented packet, which currently arrives, is not the last fragmented pack(240); and performing a predetermined pattern matching algorithm on the contents stored in the search buffer and searching whether a malicious code has intruded or not(260).
|
申请人 |
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
发明人 |
CHUNG, BO HEUNG;RYU, SEUNG HO;LIM, JAE DEOK;KIM, YOUNG HO;KIM, KI YOUNG |