1. Field of the Invention
The present invention relates to a method and apparatus for improving an intrusion detection performance by using a hardware-based content board in a low-cost and low-performance intrusion detection system, and more particularly, to a method and apparatus for performing intrusion detection capable of performing pattern matching including payload matching and Internet protocol (IP) address matching at a low cost by using a commercial hardware-based content board having a low-cost standard interface (for example, a peripheral component interface (PCI)).
2. Description of the Related Art
A high cost, high performance intrusion detection system can maximize performance by implementing an intrusion detection algorithm and other functions in hardware through an application-specific integrated circuit (ASIC) or microcoding. However, since the system incurs an extremely high cost, medium and small companies and small office/home office (SOHO) companies cannot afford it.
Recently, there is a tendency that the intrusion detection system requires a line-speed performance, and products having the performance have been introduced. However, the costs are too high for the medium and small companies and the SOHO companies to buy and use these products. This system implements packet decoding and a matching algorithm into an ASIC and uses a memory such as a Ternary content-addressable memory (TCAM) having a high cost for more rapid matching. Meanwhile, software-based intrusion detection systems have been introduced to a medium and low cost market. However, performance of the system is not satisfactory.