NETWORK BASED IDS

摘要

PURPOSE: A network based IDS(Intrusion Detection System) is provided to enhance a packet catch performance by catching a small size packet in a high speed network without a loss and to fast and exactly detect the misuse and the abnormal activity in the network. CONSTITUTION: The system comprises an intrusion detect sensor(130) detecting the misuse through the pattern matching after collecting the packets by connecting to the network, and an intrusion detect server generating a normal profile for each source by receiving the packets collected by the intrusion detect sensor and detecting the abnormal activity. The intrusion sensor includes a packet collecting and distributing part collecting and distributing the packet from the network, a pattern matching part detecting the intrusion by comparing the packet transferred from the packet collecting and distributing part with the previously stored pattern, a packet filtering and dissembling part dissembling the packet from the pattern matching part, and a distributing part for transferring the data from the packet filtering and dissembling part to the intrusion detect server.