1. Field of the Invention
Exemplary embodiments of the present invention relate to a system and a method for detecting network intrusion using a network processor. In particular, exemplary embodiments of the present invention relate to a technology for performing intrusion detection by dividing processing of a packet header and a packet payload of a packet, input through a network, into two stages to perform high-speed packet processing.
2. Description of Related Art
When transmitting and receiving data through a network, an intrusion detection system for monitoring network traffic has been used so as to intercept network intrusion operations, such as Denial of Service attacks (DoS attacks), port scans, computer crack attempts, and the like, into a predetermined device that is connected to a network.
The intrusion detection system reads all of the packets to be received and searches for dubious patterns. That is, for example, when a very large number of TCP connection requests find a pattern whereby connection attempts using various ports are made, it is possible to detect that port scanning is being attempted by a third party.
However, when a high-speed packet transmitted through a network is processed, packets may be leaked. Therefore, the related art has a problem in that intrusion detection for traffic including all packets is not performed. Further, in order to overcome this problem, a method for distributing network traffic (KR Patent Application No. 10-2009-0076612: Intrusion detection system and method for cooperative multi-server and intrusion detection control system and method’) has been proposed. However, this distribution method may not decrease the amount of traffic to be processed.