Publication number: KR100770357B1
Publication date: 2007-10-25
Application number: KR1020070054541
Filing date: 2007-06-04
Applicant: 펌킨네트웍스(주)
IPC: G06F15/00
Abstract: A high-performance intrusion prevention system, and a corresponding method, that uses signature hashing to reduce the number of signature comparisons, so that packet pattern-matching time stays stable even as the number of signatures grows. A rule table (31) stores attack patterns as rules, each including a protocol type, a port number, a signature, and a signature starting position. A signature hash table (32) stores, for each signature, a hash value computed over a predetermined number of bytes forming part of that signature. A rule matching module (33) computes a hash value over the current packet, looks it up in the signature hash table to find the corresponding rules, and compares those rules with the current packet; it repeats these steps, moving the partial pattern forward by one byte each time, until an attack pattern is found in the current packet or the end of the packet is reached.
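The matching loop described in the abstract, as an added Python sketch that is not the patent's implementation: rules are indexed by a hash of part of the signature, and a window slides over the payload one byte at a time so that a full comparison runs only on a hash hit. The choice of the first `K` bytes, `K = 4`, CRC32, the table size, and all rule names and payloads are assumptions constructed for illustration.

```python
import zlib
from collections import namedtuple

K = 4              # bytes of each signature that are hashed (assumed value)
BUCKETS = 1 << 12  # hash table size (assumed value)

# offset is the signature starting position in the payload; None means anywhere
Rule = namedtuple("Rule", "name proto port signature offset")

def part_hash(chunk):
    return zlib.crc32(chunk) % BUCKETS

def build_hash_table(rules):
    """Index each rule by the hash of the first K bytes of its signature."""
    table, short = {}, []
    for rule in rules:
        if len(rule.signature) < K:
            short.append(rule)  # too short to hash: always compared in full
        else:
            table.setdefault(part_hash(rule.signature[:K]), []).append(rule)
    return table, short

def rule_matches(rule, proto, port, payload, pos):
    return (rule.proto == proto and rule.port == port
            and rule.offset in (None, pos)
            and payload.startswith(rule.signature, pos))

def match_packet(table, short, proto, port, payload):
    """Slide a K-byte window by one byte; return (rule, position, full compares)."""
    compares = 0
    for pos in range(len(payload)):
        candidates = list(short)
        if pos + K <= len(payload):
            candidates += table.get(part_hash(payload[pos:pos + K]), [])
        for rule in candidates:
            compares += 1  # a full rule comparison happens only on a hash hit
            if rule_matches(rule, proto, port, payload, pos):
                return rule, pos, compares
    return None, None, compares

# Constructed sample rules and payloads, for illustration only.
RULES = [
    Rule("traversal", "tcp", 80, b"../../etc/passwd", None),
    Rule("cmd-exe", "tcp", 80, b"cmd.exe", None),
    Rule("bad-verb", "tcp", 80, b"XPWN ", 0),
]
TABLE, SHORT = build_hash_table(RULES)
ATTACK = b"GET /cgi-bin/view?f=../../etc/passwd HTTP/1.0\r\n\r\n"
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"
```

The third value returned by `match_packet` counts full rule comparisons; a scan without the hash table would perform one per rule at every payload position.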