Two-stage intrusion detection system for high-speed packet processing using network processor and method thereof

Assignee

• KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY · KR

Inventors

• Young Han Choi · Seoul, KR
• Deok Jin Kim · Seoul, KR
• Sung Lee · Palo Alto, US
• Man-Hee Lee · Daejeon, KR
• Byung-Chul BAE · Daejeon, KR
• Sang Woo Park · Seoul, KR
• E-Joong YOON · Daejeon, KR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0245
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.