There are provided a method and an apparatus for detecting attacks and automatically generating attack signatures based on signature merging. A method for detecting attacks and automatically generating attack signatures based on signature merging includes detecting a character string matched to at least one previously stored compressed attack signature in an input packet received from a network, determining whether the character string detected in the primary attack detection is matched to at least one previously stored individual attack signature, and, if the detected character string is matched to the at least one previously stored individual attack signature, determining the input packet as an attack packet, and, if the detected character string is not matched, determining the input packet as a new attack signature.