1. Field
The present invention relates to an apparatus and method of securing a network, and more particularly, to an apparatus and method of securing a network for detecting and blocking a dynamic attack on a network packet using hardware logic.
2. Description of the Related Art
FIG. 1 is a view showing the configuration of a conventional network security apparatus.
Referring to FIG. 1, a pattern matching engine 21 corresponding to a first security module initially performs hardware-based filtering to detect a static attack of a network packet input through an interface (I/F) unit 10. Then, a packet determined to be normal as a result of the filtering and the result of performing a filtering process are transmitted to a main central processing unit (CPU) 40 corresponding to a second security module through a peripheral component interconnect 30 (hereinafter, referred to as a PCI).
The main CPU 40 corresponding to the second security module classifies the normal packet transmitted from the pattern matching engine 21 according to the protocol, reconfigures an IP packet, and operates a previously defined ‘dynamic attack detection module’ for detecting a dynamic attack on each protocol, i.e., performs software-based filtering for a dynamic attack. In addition, after the static and dynamic attacks are filtered by the pattern matching engine 21 and the main CPU 40, the main CPU 40 transmits a response policy based on the result of each filtering to a response engine 22 to block an abnormal packet.
As described above, in the prior art, only a static attack of a network packet is detected based on hardware, and a dynamic attack is detected by the main CPU 40 based on software.
Accordingly, the above prior art has the following problems.
First, since the main CPU 40 detects a dynamic attack through post-detection logic processed in software, both detection accuracy and real-time performance are weak points. For example, if detection filters are added to detect dynamic attacks, the processing performance of the main CPU 40 degrades, which lowers its ability to detect other attacks, and the packets lost as a result lower the accuracy of dynamic attack detection.
In addition, since the pattern matching engine 21 corresponding to the first security module transmits a normal packet and a filtering result to the main CPU 40 corresponding to the second security module, and the main CPU 40 then processes the packet, any delay in transmitting the normal packet and the filtering result causes a loss of the normal packets and filtering results transmitted subsequently.
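As an added illustration, not part of this patent or of the prior-art apparatus it describes, the following Python model of the FIG. 1 pipeline reproduces the loss mechanism stated above: a stateless first stage (the pattern matching engine), a bounded transfer queue standing in for the PCI path, and a software second stage whose per-packet cost rises when more detection filters are added. The packet records, the signature set, the SYN threshold, the queue depth and the per-tick cost model are all constructed assumptions.

```python
from collections import Counter, deque

# Constructed signature set standing in for the hardware pattern table.
STATIC_SIGNATURES = {b"BAD_PAYLOAD"}

def make_traffic():
    """Constructed sample traffic: 20 SYNs from one source (a dynamic,
    stateful attack) interleaved with 10 ACKs from other hosts, one of
    which carries a static signature."""
    pkts = []
    for i in range(30):
        if i % 3 == 2:
            pkts.append({"src": f"10.0.0.{i}", "flags": "ACK", "payload": b"ok"})
        else:
            pkts.append({"src": "10.0.0.9", "flags": "SYN", "payload": b""})
    pkts[5]["payload"] = b"BAD_PAYLOAD"   # the one static attack packet
    return pkts

def pattern_matching_engine(packets):
    """Stage 1 (the hardware engine): stateless per-packet signature match."""
    return [p for p in packets if p["payload"] not in STATIC_SIGNATURES]

def dynamic_detector(packets, syn_threshold):
    """Stage 2 (software on the main CPU): stateful per-source SYN counting."""
    counts = Counter(p["src"] for p in packets if p["flags"] == "SYN")
    return {src for src, n in counts.items() if n >= syn_threshold}

def pipeline(packets, cpu_cost, queue_depth, syn_threshold=15):
    """One packet leaves stage 1 per tick; the CPU takes one packet every
    cpu_cost ticks; the transfer path is a bounded queue. Returns
    (sources flagged by the dynamic detector, packets lost in transfer)."""
    queue, processed, dropped = deque(), [], 0
    for tick, p in enumerate(pattern_matching_engine(packets)):
        if len(queue) >= queue_depth:
            dropped += 1            # backlog on the transfer path: packet lost
        else:
            queue.append(p)
        if tick % cpu_cost == 0 and queue:
            processed.append(queue.popleft())
    processed.extend(queue)         # CPU drains the backlog once arrivals stop
    return dynamic_detector(processed, syn_threshold), dropped

if __name__ == "__main__":
    traffic = make_traffic()
    # CPU keeps pace: nothing lost, the flooding source is flagged.
    print(pipeline(traffic, cpu_cost=1, queue_depth=4))  # ({'10.0.0.9'}, 0)
    # Extra filters double the per-packet cost: 11 packets lost, flood missed.
    print(pipeline(traffic, cpu_cost=2, queue_depth=4))  # (set(), 11)
```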