TWO-STAGE INTRUSION DETECTION SYSTEM FOR HIGH-SPEED PACKET PROCESSING USING NETWORK PROCESSOR AND METHOD THEREOF
First Claim
1. An intrusion detection system, comprising:
- a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field, among information included in a packet header of packets transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and
a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.
240 Citations
16 Claims
-
1. An intrusion detection system, comprising:
-
a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field, among information included in a packet header of packets transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An intrusion detection method of an intrusion detection system including a first intrusion detector and a second intrusion detector, the intrusion detection method comprising:
-
performing intrusion detection on layer 3 and layer 4 of a protocol field, among information included in a packet header of a packet transmitted to the intrusion detection system, by allowing the first intrusion detector to use a first network processor; classifying the packets according to stream by the first intrusion detector and transmitting the classified packets to the second intrusion detector when no intrusion is detected as a result of performing the intrusion detection; and performing intrusion detection through deep packet inspection (DPI) for a packet payload of the packet transmitted from the first intrusion detector by allowing the second intrusion detector to use a second network processor. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification