Abstract:
An apparatus and a method for detecting an intrusion using patterns are provided to increase processing speed by considerably reducing the overhead incurred when every incoming packet is inspected against every rule to decide whether it is harmful. A rule generating unit (103) classifies intrusion detection rules into rules that have a content inspection part and rules that do not, assigns an index to each rule, and outputs them to a device that performs matching while also storing them. An extracting unit (101) extracts the payload and address of a packet and outputs them to the device. An inspecting unit (105) inspects the corresponding rule based on the index. For the intrusion detection rules without a content inspection part, the rule generating unit converts the IP address part into a pattern.
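A minimal sketch of the scheme described above, added here as an illustration and not taken from the patent: rules are split by whether they carry a content part, address-only rules have their IP part turned into a pattern, and only the rules whose index the matcher returns are fully inspected. The rule fields, the sample rules, and the software substring scan standing in for the matching device are assumptions.

```python
from ipaddress import ip_address

ANY = "any"
# Constructed sample rules; the field names are assumptions, not the patent's.
RULES = [
    {"name": "cmd-exe",     "src": ANY, "dst": "192.0.2.10", "content": b"cmd.exe"},
    {"name": "passwd-read", "src": ANY, "dst": ANY,          "content": b"/etc/passwd"},
    {"name": "bad-source",  "src": "203.0.113.7", "dst": ANY},
    {"name": "db-direct",   "src": ANY, "dst": "192.0.2.20"},
]

def addr_pattern(src, dst):
    """Turn the IP part of a rule or packet into a lookup pattern (None = wildcard)."""
    pack = lambda a: None if a == ANY else ip_address(a).packed
    return pack(src), pack(dst)

def build_indexes(rules):
    """Rule generating unit: split rules by content part, keyed to rule indexes."""
    content_idx, addr_idx = {}, {}
    for i, r in enumerate(rules):
        if "content" in r:
            content_idx.setdefault(r["content"], []).append(i)
        else:
            addr_idx.setdefault(addr_pattern(r["src"], r["dst"]), []).append(i)
    return content_idx, addr_idx

def candidates(pkt, content_idx, addr_idx):
    """Stand-in for the matching device: indexes of rules whose pattern hit."""
    hits = [i for pat, ids in content_idx.items() if pat in pkt["payload"] for i in ids]
    for s in (pkt["src"], ANY):          # exact address first, then wildcard
        for d in (pkt["dst"], ANY):
            hits += addr_idx.get(addr_pattern(s, d), [])
    return sorted(set(hits))

def inspect(pkt, rules, hits):
    """Inspecting unit: fully check only the rules selected by index."""
    ok = lambda r, k: r[k] == ANY or ip_address(r[k]) == ip_address(pkt[k])
    return [rules[i]["name"] for i in hits if ok(rules[i], "src") and ok(rules[i], "dst")]

def detect(pkt, rules=RULES):
    """Return (names of matching rules, number of rules that were fully inspected)."""
    content_idx, addr_idx = build_indexes(rules)
    hits = candidates(pkt, content_idx, addr_idx)
    return inspect(pkt, rules, hits), len(hits)

if __name__ == "__main__":
    pkt = {"src": "198.51.100.4", "dst": "192.0.2.10", "payload": b"GET /scripts/cmd.exe"}
    print(detect(pkt))
```

The second value returned by `detect` is the number of rules that reached full inspection, which stays small relative to the rule set because a pattern hit only nominates candidates.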