| 摘要 |
PURPOSE: A multi-stage intrusion detection engine is provided to efficiently reduce the load of each host in which a hybrid intrusion detection system by composing the engine of the hybrid intrusion detection system as 3 stages and expanding the region of trespass search. CONSTITUTION: A primary engine(11) stores a plurality of rules having a data pattern judged as trespass, and detects the same pattern in the rules from intrusion detection data. A secondary engine(12) stores combinations of the rules judged as trespass, and judges whether the rules having the same pattern with the intrusion detection data correspond to the combinations. A tertiary engine(13) searches whether trespass is generated using judgement information of the secondary engine(12).
|
