APPARATUS AND METHOD FOR IMPROVING DETECTION PERFORMANCE OF INTRUSION DETECTION SYSTEM

摘要

An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies transformed detected data for attack types by current detection rule, and classifies transformed detected data for detection rules into true positives/false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree. A true positive detection pattern generation unit generates a true positive detection pattern based on the true positive path.